Trojaner-Board - Trojaner oder ............????

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Trojaner oder ............???? (https://www.trojaner-board.de/126035-trojaner.html)

Trojaner oder ............????

hallo mitteinander

bin nun ganz neu bei euch und habe gleich ein problem .

da ich ein totaler laie bin redet bitte verständlich , habe keine ahnung von computer sprache .

habe gestern ein update von java gemacht und nun habe ich diese probleme .

- wenn ich seiten aufmache wird sie nach ca. 5-10s grau und ich kann nichts bedienen .

- nun habe ich auch noch unten rechts so ein blödes zeichen drauf wo innen die zahl 1 aufleichtet .

bitte helft mir , bin am verzweifeln , da ich über 10.000 fotos und viele daten drauf habe die ich brauche .

vielen dan im vorraus

mfg manfred

hi
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg
Textbox.

Code:

activex

netsvcs

msconfig

%SYSTEMDRIVE%\*.

%PROGRAMFILES%\*.exe

%LOCALAPPDATA%\*.exe

%systemroot%\*. /mp /s

C:\Windows\system32\*.tsp

/md5start

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

explorer.exe

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\*.dll /lockedfiles

%USERPROFILE%\*.*

%USERPROFILE%\Local Settings\Temp\*.exe

%USERPROFILE%\Local Settings\Temp\*.dll

%USERPROFILE%\Application Data\*.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

danke für deine schnelle antwort .

aber leider wenig verstanden

-Kopiere nun den Inhalt in die
Textbox. -------------was ist das ???????

-Klicke nun bitte auf den Quick Scan Button.------------wo ist das ?????????

sorry , aber ich bin wirklich laie . sorry

OTL Logfile:

Code:

OTL logfile created on: 23.10.2012 23:33:10 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\manfred\Desktop

 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,93 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 49,33% Memory free

5,85 Gb Paging File | 3,84 Gb Available in Paging File | 65,63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 297,99 Gb Total Space | 222,71 Gb Free Space | 74,74% Space Free | Partition Type: NTFS

Drive F: | 24,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: MANFRED-LAPTOP | User Name: manfred | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\manfred\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Programme\Globe Broadband\Globe Broadband.exe ()

PRC - C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)

PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)

PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)

PRC - C:\Programme\PC Connectivity Solution\Transports\NclToBTSrv.exe (Nokia)

PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)

PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

PRC - C:\Programme\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll ()

MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll ()

MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll ()

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()

MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\Programme\Globe Broadband\Globe Broadband.exe ()

MOD - C:\Programme\Nokia\Nokia Suite\ssoengine.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\securestorage.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\qjson.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QxtCore.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QxtWeb.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\NService.dll ()

MOD - C:\Windows\System32\IccLibDll.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\phonon4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtXml4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtSql4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtScript4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtGui4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtCore4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\OviShareLib.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\Maps Service API.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll ()

MOD - C:\Programme\Yahoo!\Messenger\yui.dll ()

MOD - C:\Programme\WinRAR\RarExt.dll ()

MOD - C:\Programme\Globe Broadband\NDISAPI.dll ()

MOD - C:\Programme\Globe Broadband\DeviceMgrUIPlugin.dll ()

MOD - C:\Programme\Globe Broadband\DeviceMgrPlugin.dll ()

MOD - C:\Programme\Globe Broadband\atcomm.dll ()

MOD - C:\Programme\Globe Broadband\SMSPlugin.dll ()

MOD - C:\Programme\Globe Broadband\DetectDev.dll ()

MOD - C:\Programme\Globe Broadband\LocaleMgrPlugin.dll ()

MOD - C:\Programme\Globe Broadband\FileManager.dll ()

MOD - C:\Programme\Globe Broadband\DialUpPlugin.dll ()

MOD - C:\Programme\Globe Broadband\CallPlugin.dll ()

MOD - C:\Programme\Globe Broadband\XCodec.dll ()

MOD - C:\Programme\Globe Broadband\DeviceOperate.dll ()

MOD - C:\Programme\Globe Broadband\ConfigFilePlugin.dll ()

MOD - C:\Programme\Globe Broadband\NotifyServicePlugin.dll ()

MOD - C:\Programme\Globe Broadband\isaputrace.dll ()

MOD - C:\Programme\Globe Broadband\NetInfoPlugin.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7f457271e765b5d72f081942b829469c\System.Data.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll ()

MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)

DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)

DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)

DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)

DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)

DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)

DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)

DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)

DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)

DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)

DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)

DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)

DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)

DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)

DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)

DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)

DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)

DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)

DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)

DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)

DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 91 5D E6 D0 EB CC 01  [binary data]

IE - HKCU\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: {C3949AC2-4B17-43ee-B4F1-D26B9D42404D}:15.0.5

FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2

FF - prefs.js..extensions.enabledAddons: printedit@DW-dev:8.8

FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.02.19 17:39:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.03 15:40:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 21:47:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 21:47:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.03.14 22:28:06 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 21:47:27 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 21:47:21 | 000,000,000 | ---D | M]

 

[2012.02.15 17:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Extensions

[2012.10.16 00:44:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions

[2012.10.11 22:35:48 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

[2012.08.22 20:10:25 | 000,000,000 | ---D | M] (Avanquest App'-Anwendungsleiste Community Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}

[2012.10.16 00:44:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2012.05.20 10:56:27 | 000,009,693 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\java@flyordie.com.xpi

[2012.09.26 21:15:19 | 000,027,267 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\map@quickmaps.me.xpi

[2012.10.16 00:44:42 | 000,089,559 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\printedit@DW-dev.xpi

[2012.07.29 22:14:44 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.02.18 21:03:48 | 000,000,933 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\11-suche.xml

[2012.02.18 21:03:49 | 000,002,419 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\englische-ergebnisse.xml

[2012.02.18 21:03:48 | 000,010,525 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\gmx-suche.xml

[2012.02.18 21:03:49 | 000,002,457 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\lastminute.xml

[2012.02.18 21:03:48 | 000,005,508 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\webde-suche.xml

[2012.09.07 21:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.07.03 15:40:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

[2012.09.07 21:47:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.07.03 15:40:07 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

[2011.07.12 05:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

[2012.08.25 10:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.08.25 10:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.08.25 10:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.08.25 10:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.08.25 10:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.08.25 10:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - homepage: Google

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},

CHR - homepage: Google

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Facebook Desktop (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - Extension: Counter Strike (Flash-Version) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcbegflbljflchoahmigblmabofoinkh\1.0.1_0\

CHR - Extension: avast! WebRep = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1203_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: Plants vs Zombies = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\

 

O1 HOSTS File: ([2009.06.11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O2 - BHO: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Program Files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Avanquest App'-Anwendungsleiste Toolbar) - {1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [TaskTray]  File not found

O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)

O4 - HKLM..\Run: [USB Antivirus] C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab)

O4 - HKCU..\Run: []  File not found

O4 - HKCU..\Run: [Facebook Update] C:\Users\manfred\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)

O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)

O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21F0735F-35A1-4812-B527-E0E99412945B}: NameServer = 10.198.220.124 202.126.40.5

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CAE6AB4-F441-49C1-8BC4-17A07A1B4578}: NameServer = 10.68.80.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F44AEA-9C2D-4102-A3D6-B26516F71AFF}: DhcpNameServer = 124.106.7.2 124.106.5.2

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012.06.26 22:57:06 | 000,284,654 | ---- | M] () - C:\auto verkaufsschild.PNG -- [ NTFS ]

O32 - AutoRun File - [2009.06.11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2008.06.17 10:13:46 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell - "" = AutoRun

O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell - "" = AutoRun

O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.10.23 23:28:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe

[2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2012.10.22 10:52:57 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2012.10.20 23:01:44 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Neuer Ordner

[2012.10.18 12:52:06 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Kai-werkzeug

[2012.10.18 12:51:10 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Kai-baja

[2012.10.18 12:41:10 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Kai-honda

[2012.10.16 21:00:32 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\FB

[2012.10.04 12:25:34 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\tausch

[2012.09.27 10:40:52 | 000,000,000 | ---D | C] -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.10.23 23:45:46 | 000,001,284 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk

[2012.10.23 23:28:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe

[2012.10.23 23:26:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job

[2012.10.23 23:21:13 | 000,131,064 | ---- | M] () -- C:\Users\manfred\Desktop\2.PNG

[2012.10.23 23:20:24 | 000,107,823 | ---- | M] () -- C:\Users\manfred\Desktop\1.PNG

[2012.10.23 22:57:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.10.23 22:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.10.23 22:39:04 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job

[2012.10.23 22:39:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job

[2012.10.23 22:30:16 | 000,158,675 | ---- | M] () -- C:\Users\manfred\Desktop\sd.PNG

[2012.10.23 19:17:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.10.23 16:15:47 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.10.23 16:15:47 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.10.23 16:10:48 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.10.23 16:10:29 | 2357,612,544 | -HS- | M] () -- C:\hiberfil.sys

[2012.10.22 20:18:06 | 000,139,603 | ---- | M] () -- C:\Users\manfred\Desktop\fff.PNG

[2012.10.22 14:58:45 | 000,187,929 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG

[2012.10.22 14:57:19 | 000,172,824 | ---- | M] () -- C:\Users\manfred\Desktop\cdfr.PNG

[2012.10.22 11:26:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job

[2012.10.20 14:53:33 | 000,012,493 | ---- | M] () -- C:\ght.PNG

[2012.10.19 22:33:11 | 000,000,049 | ---- | M] () -- C:\Users\manfred\Desktop\Blue-Book.URL

[2012.10.19 18:44:23 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.10.19 18:44:23 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.10.19 18:44:23 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.10.19 18:44:23 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.10.16 15:57:43 | 000,302,642 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG

[2012.10.14 19:14:39 | 000,000,078 | ---- | M] () -- C:\Users\manfred\Desktop\httpwww.germanexpatinthephilippines.b....URL

[2012.10.14 12:44:13 | 000,180,864 | ---- | M] () -- C:\Users\manfred\Desktop\fd.PNG

[2012.10.12 13:11:30 | 000,000,087 | ---- | M] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL

[2012.10.11 22:42:26 | 000,000,095 | ---- | M] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL

[2012.10.11 21:08:48 | 000,000,061 | ---- | M] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL

[2012.10.11 21:08:42 | 000,000,063 | ---- | M] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL

[2012.10.11 20:55:29 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012.10.11 20:55:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012.10.11 20:27:55 | 000,002,459 | ---- | M] () -- C:\Users\manfred\Desktop\Google Chrome.lnk

[2012.10.10 20:39:59 | 000,000,078 | ---- | M] () -- C:\Sternzeichen deutsch - englisch.URL

[2012.10.10 19:35:18 | 000,000,076 | ---- | M] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL

[2012.10.10 13:46:58 | 000,000,078 | ---- | M] () -- C:\Users\manfred\Desktop\Dolls of the World - ChinaJeu.URL

[2012.10.09 15:56:10 | 000,045,056 | ---- | M] (Northern Codeworks) -- C:\Windows\NCUNINST.EXE

[2012.10.03 08:24:35 | 000,278,066 | ---- | M] () -- C:\am,,lk.PNG

[2012.10.03 08:20:55 | 000,026,876 | ---- | M] () -- C:\gg.PNG

[2012.10.03 08:02:01 | 000,000,145 | ---- | M] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL

[2012.10.02 23:09:54 | 000,054,649 | ---- | M] () -- C:\s1.PNG

[2012.10.02 23:02:46 | 000,086,347 | ---- | M] () -- C:\s.PNG

[2012.09.24 23:16:36 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2012.09.24 23:08:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2012.09.24 23:07:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

 
 ========== Files Created - No Company Name ==========

 

[2012.10.23 23:21:13 | 000,131,064 | ---- | C] () -- C:\Users\manfred\Desktop\2.PNG

[2012.10.23 23:20:24 | 000,107,823 | ---- | C] () -- C:\Users\manfred\Desktop\1.PNG

[2012.10.23 22:30:16 | 000,158,675 | ---- | C] () -- C:\Users\manfred\Desktop\sd.PNG

[2012.10.22 20:18:06 | 000,139,603 | ---- | C] () -- C:\Users\manfred\Desktop\fff.PNG

[2012.10.22 14:58:45 | 000,187,929 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG

[2012.10.22 14:57:18 | 000,172,824 | ---- | C] () -- C:\Users\manfred\Desktop\cdfr.PNG

[2012.10.20 14:53:33 | 000,012,493 | ---- | C] () -- C:\ght.PNG

[2012.10.19 22:33:11 | 000,000,049 | ---- | C] () -- C:\Users\manfred\Desktop\Blue-Book.URL

[2012.10.16 15:57:43 | 000,302,642 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG

[2012.10.14 19:14:39 | 000,000,078 | ---- | C] () -- C:\Users\manfred\Desktop\httpwww.germanexpatinthephilippines.b....URL

[2012.10.14 12:44:13 | 000,180,864 | ---- | C] () -- C:\Users\manfred\Desktop\fd.PNG

[2012.10.12 13:11:30 | 000,000,087 | ---- | C] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL

[2012.10.11 22:42:26 | 000,000,095 | ---- | C] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL

[2012.10.11 21:08:48 | 000,000,061 | ---- | C] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL

[2012.10.11 21:08:42 | 000,000,063 | ---- | C] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL

[2012.10.10 20:39:59 | 000,000,078 | ---- | C] () -- C:\Sternzeichen deutsch - englisch.URL

[2012.10.10 19:35:18 | 000,000,076 | ---- | C] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL

[2012.10.10 13:46:58 | 000,000,078 | ---- | C] () -- C:\Users\manfred\Desktop\Dolls of the World - ChinaJeu.URL

[2012.10.03 08:24:35 | 000,278,066 | ---- | C] () -- C:\am,,lk.PNG

[2012.10.03 08:20:55 | 000,026,876 | ---- | C] () -- C:\gg.PNG

[2012.10.03 08:02:01 | 000,000,145 | ---- | C] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL

[2012.10.02 23:09:54 | 000,054,649 | ---- | C] () -- C:\s1.PNG

[2012.10.02 23:02:46 | 000,086,347 | ---- | C] () -- C:\s.PNG

[2012.02.19 12:31:33 | 000,021,504 | ---- | C] () -- C:\Users\manfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.02.15 18:58:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2012.02.15 18:58:10 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2012.02.15 18:58:07 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2012.02.15 18:58:07 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2012.02.15 18:58:07 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2012.02.15 18:37:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

[2012.01.11 05:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin

[2012.01.11 05:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin

[2012.01.11 05:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin

[2012.01.11 04:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll

[2012.01.11 04:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

[2012.01.11 04:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 09:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== Files - Unicode (All) ==========

[2012.07.01 11:32:34 | 000,000,084 | ---- | M] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね／大島優子 フォト ムービー - YouTube.URL

[2012.07.01 11:32:34 | 000,000,084 | ---- | C] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね／大島優子 フォト ムービー - YouTube.URL

[2012.03.28 18:14:06 | 000,000,091 | ---- | M] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL

[2012.03.28 18:14:06 | 000,000,091 | ---- | C] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL
 

< End of report >

--- --- ---

OTL Logfile:

Code:

OTL logfile created on: 23.10.2012 23:33:10 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\manfred\Desktop

 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,93 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 49,33% Memory free

5,85 Gb Paging File | 3,84 Gb Available in Paging File | 65,63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 297,99 Gb Total Space | 222,71 Gb Free Space | 74,74% Space Free | Partition Type: NTFS

Drive F: | 24,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: MANFRED-LAPTOP | User Name: manfred | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\manfred\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Programme\Globe Broadband\Globe Broadband.exe ()

PRC - C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)

PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)

PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)

PRC - C:\Programme\PC Connectivity Solution\Transports\NclToBTSrv.exe (Nokia)

PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)

PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

PRC - C:\Programme\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll ()

MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll ()

MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll ()

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()

MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\Programme\Globe Broadband\Globe Broadband.exe ()

MOD - C:\Programme\Nokia\Nokia Suite\ssoengine.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\securestorage.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\qjson.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QxtCore.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QxtWeb.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\NService.dll ()

MOD - C:\Windows\System32\IccLibDll.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\phonon4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtXml4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtSql4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtScript4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtGui4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtCore4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\OviShareLib.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\Maps Service API.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll ()

MOD - C:\Programme\Yahoo!\Messenger\yui.dll ()

MOD - C:\Programme\WinRAR\RarExt.dll ()

MOD - C:\Programme\Globe Broadband\NDISAPI.dll ()

MOD - C:\Programme\Globe Broadband\DeviceMgrUIPlugin.dll ()

MOD - C:\Programme\Globe Broadband\DeviceMgrPlugin.dll ()

MOD - C:\Programme\Globe Broadband\atcomm.dll ()

MOD - C:\Programme\Globe Broadband\SMSPlugin.dll ()

MOD - C:\Programme\Globe Broadband\DetectDev.dll ()

MOD - C:\Programme\Globe Broadband\LocaleMgrPlugin.dll ()

MOD - C:\Programme\Globe Broadband\FileManager.dll ()

MOD - C:\Programme\Globe Broadband\DialUpPlugin.dll ()

MOD - C:\Programme\Globe Broadband\CallPlugin.dll ()

MOD - C:\Programme\Globe Broadband\XCodec.dll ()

MOD - C:\Programme\Globe Broadband\DeviceOperate.dll ()

MOD - C:\Programme\Globe Broadband\ConfigFilePlugin.dll ()

MOD - C:\Programme\Globe Broadband\NotifyServicePlugin.dll ()

MOD - C:\Programme\Globe Broadband\isaputrace.dll ()

MOD - C:\Programme\Globe Broadband\NetInfoPlugin.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7f457271e765b5d72f081942b829469c\System.Data.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll ()

MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)

DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)

DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)

DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)

DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)

DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)

DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)

DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)

DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)

DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)

DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)

DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)

DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)

DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)

DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)

DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)

DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)

DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)

DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)

DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)

DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 91 5D E6 D0 EB CC 01  [binary data]

IE - HKCU\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: {C3949AC2-4B17-43ee-B4F1-D26B9D42404D}:15.0.5

FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2

FF - prefs.js..extensions.enabledAddons: printedit@DW-dev:8.8

FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.02.19 17:39:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.03 15:40:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 21:47:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 21:47:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.03.14 22:28:06 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 21:47:27 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 21:47:21 | 000,000,000 | ---D | M]

 

[2012.02.15 17:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Extensions

[2012.10.16 00:44:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions

[2012.10.11 22:35:48 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

[2012.08.22 20:10:25 | 000,000,000 | ---D | M] (Avanquest App'-Anwendungsleiste Community Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}

[2012.10.16 00:44:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2012.05.20 10:56:27 | 000,009,693 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\java@flyordie.com.xpi

[2012.09.26 21:15:19 | 000,027,267 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\map@quickmaps.me.xpi

[2012.10.16 00:44:42 | 000,089,559 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\printedit@DW-dev.xpi

[2012.07.29 22:14:44 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.02.18 21:03:48 | 000,000,933 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\11-suche.xml

[2012.02.18 21:03:49 | 000,002,419 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\englische-ergebnisse.xml

[2012.02.18 21:03:48 | 000,010,525 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\gmx-suche.xml

[2012.02.18 21:03:49 | 000,002,457 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\lastminute.xml

[2012.02.18 21:03:48 | 000,005,508 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\webde-suche.xml

[2012.09.07 21:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.07.03 15:40:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

[2012.09.07 21:47:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.07.03 15:40:07 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

[2011.07.12 05:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

[2012.08.25 10:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.08.25 10:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.08.25 10:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.08.25 10:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.08.25 10:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.08.25 10:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - homepage: Google

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},

CHR - homepage: Google

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Facebook Desktop (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - Extension: Counter Strike (Flash-Version) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcbegflbljflchoahmigblmabofoinkh\1.0.1_0\

CHR - Extension: avast! WebRep = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1203_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: Plants vs Zombies = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\

 

O1 HOSTS File: ([2009.06.11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O2 - BHO: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Program Files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Avanquest App'-Anwendungsleiste Toolbar) - {1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [TaskTray]  File not found

O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)

O4 - HKLM..\Run: [USB Antivirus] C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab)

O4 - HKCU..\Run: []  File not found

O4 - HKCU..\Run: [Facebook Update] C:\Users\manfred\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)

O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)

O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21F0735F-35A1-4812-B527-E0E99412945B}: NameServer = 10.198.220.124 202.126.40.5

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CAE6AB4-F441-49C1-8BC4-17A07A1B4578}: NameServer = 10.68.80.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F44AEA-9C2D-4102-A3D6-B26516F71AFF}: DhcpNameServer = 124.106.7.2 124.106.5.2

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012.06.26 22:57:06 | 000,284,654 | ---- | M] () - C:\auto verkaufsschild.PNG -- [ NTFS ]

O32 - AutoRun File - [2009.06.11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2008.06.17 10:13:46 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell - "" = AutoRun

O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell - "" = AutoRun

O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.10.23 23:28:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe

[2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2012.10.22 10:52:57 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2012.10.20 23:01:44 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Neuer Ordner

[2012.10.18 12:52:06 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Kai-werkzeug

[2012.10.18 12:51:10 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Kai-baja

[2012.10.18 12:41:10 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Kai-honda

[2012.10.16 21:00:32 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\FB

[2012.10.04 12:25:34 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\tausch

[2012.09.27 10:40:52 | 000,000,000 | ---D | C] -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.10.23 23:45:46 | 000,001,284 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk

[2012.10.23 23:28:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe

[2012.10.23 23:26:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job

[2012.10.23 23:21:13 | 000,131,064 | ---- | M] () -- C:\Users\manfred\Desktop\2.PNG

[2012.10.23 23:20:24 | 000,107,823 | ---- | M] () -- C:\Users\manfred\Desktop\1.PNG

[2012.10.23 22:57:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.10.23 22:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.10.23 22:39:04 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job

[2012.10.23 22:39:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job

[2012.10.23 22:30:16 | 000,158,675 | ---- | M] () -- C:\Users\manfred\Desktop\sd.PNG

[2012.10.23 19:17:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.10.23 16:15:47 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.10.23 16:15:47 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.10.23 16:10:48 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.10.23 16:10:29 | 2357,612,544 | -HS- | M] () -- C:\hiberfil.sys

[2012.10.22 20:18:06 | 000,139,603 | ---- | M] () -- C:\Users\manfred\Desktop\fff.PNG

[2012.10.22 14:58:45 | 000,187,929 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG

[2012.10.22 14:57:19 | 000,172,824 | ---- | M] () -- C:\Users\manfred\Desktop\cdfr.PNG

[2012.10.22 11:26:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job

[2012.10.20 14:53:33 | 000,012,493 | ---- | M] () -- C:\ght.PNG

[2012.10.19 22:33:11 | 000,000,049 | ---- | M] () -- C:\Users\manfred\Desktop\Blue-Book.URL

[2012.10.19 18:44:23 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.10.19 18:44:23 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.10.19 18:44:23 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.10.19 18:44:23 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.10.16 15:57:43 | 000,302,642 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG

[2012.10.14 19:14:39 | 000,000,078 | ---- | M] () -- C:\Users\manfred\Desktop\httpwww.germanexpatinthephilippines.b....URL

[2012.10.14 12:44:13 | 000,180,864 | ---- | M] () -- C:\Users\manfred\Desktop\fd.PNG

[2012.10.12 13:11:30 | 000,000,087 | ---- | M] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL

[2012.10.11 22:42:26 | 000,000,095 | ---- | M] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL

[2012.10.11 21:08:48 | 000,000,061 | ---- | M] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL

[2012.10.11 21:08:42 | 000,000,063 | ---- | M] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL

[2012.10.11 20:55:29 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012.10.11 20:55:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012.10.11 20:27:55 | 000,002,459 | ---- | M] () -- C:\Users\manfred\Desktop\Google Chrome.lnk

[2012.10.10 20:39:59 | 000,000,078 | ---- | M] () -- C:\Sternzeichen deutsch - englisch.URL

[2012.10.10 19:35:18 | 000,000,076 | ---- | M] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL

[2012.10.10 13:46:58 | 000,000,078 | ---- | M] () -- C:\Users\manfred\Desktop\Dolls of the World - ChinaJeu.URL

[2012.10.09 15:56:10 | 000,045,056 | ---- | M] (Northern Codeworks) -- C:\Windows\NCUNINST.EXE

[2012.10.03 08:24:35 | 000,278,066 | ---- | M] () -- C:\am,,lk.PNG

[2012.10.03 08:20:55 | 000,026,876 | ---- | M] () -- C:\gg.PNG

[2012.10.03 08:02:01 | 000,000,145 | ---- | M] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL

[2012.10.02 23:09:54 | 000,054,649 | ---- | M] () -- C:\s1.PNG

[2012.10.02 23:02:46 | 000,086,347 | ---- | M] () -- C:\s.PNG

[2012.09.24 23:16:36 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2012.09.24 23:08:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2012.09.24 23:07:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

 
 ========== Files Created - No Company Name ==========

 

[2012.10.23 23:21:13 | 000,131,064 | ---- | C] () -- C:\Users\manfred\Desktop\2.PNG

[2012.10.23 23:20:24 | 000,107,823 | ---- | C] () -- C:\Users\manfred\Desktop\1.PNG

[2012.10.23 22:30:16 | 000,158,675 | ---- | C] () -- C:\Users\manfred\Desktop\sd.PNG

[2012.10.22 20:18:06 | 000,139,603 | ---- | C] () -- C:\Users\manfred\Desktop\fff.PNG

[2012.10.22 14:58:45 | 000,187,929 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG

[2012.10.22 14:57:18 | 000,172,824 | ---- | C] () -- C:\Users\manfred\Desktop\cdfr.PNG

[2012.10.20 14:53:33 | 000,012,493 | ---- | C] () -- C:\ght.PNG

[2012.10.19 22:33:11 | 000,000,049 | ---- | C] () -- C:\Users\manfred\Desktop\Blue-Book.URL

[2012.10.16 15:57:43 | 000,302,642 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG

[2012.10.14 19:14:39 | 000,000,078 | ---- | C] () -- C:\Users\manfred\Desktop\httpwww.germanexpatinthephilippines.b....URL

[2012.10.14 12:44:13 | 000,180,864 | ---- | C] () -- C:\Users\manfred\Desktop\fd.PNG

[2012.10.12 13:11:30 | 000,000,087 | ---- | C] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL

[2012.10.11 22:42:26 | 000,000,095 | ---- | C] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL

[2012.10.11 21:08:48 | 000,000,061 | ---- | C] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL

[2012.10.11 21:08:42 | 000,000,063 | ---- | C] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL

[2012.10.10 20:39:59 | 000,000,078 | ---- | C] () -- C:\Sternzeichen deutsch - englisch.URL

[2012.10.10 19:35:18 | 000,000,076 | ---- | C] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL

[2012.10.10 13:46:58 | 000,000,078 | ---- | C] () -- C:\Users\manfred\Desktop\Dolls of the World - ChinaJeu.URL

[2012.10.03 08:24:35 | 000,278,066 | ---- | C] () -- C:\am,,lk.PNG

[2012.10.03 08:20:55 | 000,026,876 | ---- | C] () -- C:\gg.PNG

[2012.10.03 08:02:01 | 000,000,145 | ---- | C] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL

[2012.10.02 23:09:54 | 000,054,649 | ---- | C] () -- C:\s1.PNG

[2012.10.02 23:02:46 | 000,086,347 | ---- | C] () -- C:\s.PNG

[2012.02.19 12:31:33 | 000,021,504 | ---- | C] () -- C:\Users\manfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.02.15 18:58:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2012.02.15 18:58:10 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2012.02.15 18:58:07 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2012.02.15 18:58:07 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2012.02.15 18:58:07 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2012.02.15 18:37:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

[2012.01.11 05:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin

[2012.01.11 05:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin

[2012.01.11 05:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin

[2012.01.11 04:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll

[2012.01.11 04:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

[2012.01.11 04:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 09:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== Files - Unicode (All) ==========

[2012.07.01 11:32:34 | 000,000,084 | ---- | M] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね／大島優子 フォト ムービー - YouTube.URL

[2012.07.01 11:32:34 | 000,000,084 | ---- | C] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね／大島優子 フォト ムービー - YouTube.URL

[2012.03.28 18:14:06 | 000,000,091 | ---- | M] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL

[2012.03.28 18:14:06 | 000,000,091 | ---- | C] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL
 

< End of report >

--- --- ---

ist das richtig ?

ist das was ihr braucht ?

ist das richtig ?

ist das was ihr braucht ?

kann jemand helfen , wer weis was ich habe .

otl hat eine box, dort den text einkopieren, bitte noch mal und dann scannen

hallo

ich finde auf der seite von OTL nichts von einer box .

sorry ich habe echt keine ahnung .

habe nun auf scan gedrückt und ist nun vertig nun ging eine seite auf wo daten stehen .

soll ich nun die daten hier einfügen ?

bitte habt etwas verständnis das ich nicht ganz durchsehe .:headbang:

Zitat:

Zitat von markusg (Beitrag 944783)

otl hatt eine box, dort den text einkopieren, bitte noch mal und dann scannen

verstehe ich nicht ! was soll ich noch mal und dan scannen ??
das --------- und dann scannen----------- verstehe ich nicht .
ich habe nur gescannt und dann kopiert . :killpc::headbang::headbang:

vieleicht verstehe ich da was falsch , aber ich verstehe es nicht , sorry

OTL Logfile:

Code:

OTL Extras logfile created on: 28.10.2012 17:44:09 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\manfred\Desktop

 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,93 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 63,40% Memory free

5,85 Gb Paging File | 4,52 Gb Available in Paging File | 77,22% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 297,99 Gb Total Space | 221,36 Gb Free Space | 74,28% Space Free | Partition Type: NTFS

Drive F: | 24,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: MANFRED-LAPTOP | User Name: manfred | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{2C1FE3E7-D1DD-4B49-AC3B-54F99DD727FD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{2DB60A46-7F39-4117-B730-092A95268100}" = rport=138 | protocol=17 | dir=out | app=system | 

"{30EDF6BE-E24B-4343-B021-8DEB6BDA6E4C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{31E08B30-1789-480D-8BDE-44B7870E38B7}" = lport=137 | protocol=17 | dir=in | app=system | 

"{638DE2BB-514E-4FF2-8958-2BADFEF0C149}" = lport=445 | protocol=6 | dir=in | app=system | 

"{85BACC20-BC31-4946-875F-8020EC4AA4C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{93479A70-BE2C-454D-8A8F-6574F4E4DCE3}" = rport=137 | protocol=17 | dir=out | app=system | 

"{A3FBD9BF-4E92-4881-8FF5-0E0743FDD50A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{A6808EBE-09F6-4B4C-9002-AE2B579BCE3A}" = lport=139 | protocol=6 | dir=in | app=system | 

"{B9F825C4-9C14-4284-AABD-2859F9990095}" = lport=138 | protocol=17 | dir=in | app=system | 

"{BFE05BF0-126F-47B9-A4CA-3D108D436FA5}" = rport=445 | protocol=6 | dir=out | app=system | 

"{F9B39352-094A-4224-90BD-0AFD3BFABF8B}" = rport=139 | protocol=6 | dir=out | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{19E1543E-80B7-4443-A9FF-76D0804919D7}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | 

"{25F903B1-D27D-4C46-B419-7E4734106273}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{285C5D39-B54E-42CF-B8BB-E80CDF35CB51}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 

"{3F0AC9F6-0901-4A21-8677-AE1E465813D3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 

"{44DFB270-8F47-4D2B-9CF5-361D73EFA82D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{5DB401C8-8C79-4AD7-8C5A-6582D8193FF7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{65516601-ABE0-4902-95EE-C02FA53DF1E0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{6F65A6CF-6751-4592-B64B-0DD831B1833A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 

"{8E0030B5-9B46-4436-A0E9-E8D8678D2018}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 

"{A5D50297-759A-43CF-9ABD-0F9BA65677F1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 

"{ACC1DFBC-CA68-4E54-BED9-5AF61BC59F9B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 

"{AE0C55FA-7046-4F8C-9FC1-A1CCE387C8C5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{B3277B74-F9A5-4F72-A21E-83FBC624557C}" = dir=in | app=c:\users\manfred\appdata\local\facebook\video\skype\facebookvideocalling.exe | 

"{CBBE68BD-44CD-4B89-A60D-0F4A2AD36D75}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver

"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth

"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component

"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver

"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{DFD30824-6BD0-34E1-ABE8-308AD3CBB9A0}" = Google Talk Plugin

"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Avanquest_App'-Anwendungsleiste Toolbar" = Avanquest App'-Anwendungsleiste Toolbar

"avast" = avast! Free Antivirus

"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition

"Globe Broadband" = Globe Broadband

"GOM Player" = GOM Player

"IrfanView" = IrfanView (remove only)

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.8.0

"LingoPad_is1" = LingoPad 2.6 (Build 360)

"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Nokia Suite" = Nokia Suite

"Orbit_is1" = Orbit Downloader

"RealPlayer 15.0" = RealPlayer

"TeamViewer 7" = TeamViewer 7

"USB Disk Security_is1" = USB Disk Security

"uTorrent" = µTorrent

"VLC media player" = VLC media player 1.1.11

"Winamp" = Winamp

"WinRAR archiver" = WinRAR 4.01 (32-bit)

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"Winamp Detect" = Winamp Erkennungs-Plug-in

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 15.07.2012 01:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20

Description = 

 

Error - 15.07.2012 04:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20

Description = 

 

Error - 15.07.2012 22:07:13 | Computer Name = manfred-laptop | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7600.16415,

 Zeitstempel: 0x4a98ae4b  Name des fehlerhaften Moduls: hxmedpltfm.dll, Version: 15.0.5.109,

 Zeitstempel: 0x4fe36f3b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001ca71  ID des fehlerhaften

 Prozesses: 0x178  Startzeit der fehlerhaften Anwendung: 0x01cd62f65b2b7b6c  Pfad der

 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmplayer.exe  Pfad 

des fehlerhaften Moduls: c:\program files\real\realplayer\common\hxmedpltfm.dll  Berichtskennung:

 f528b2f9-ceea-11e1-802b-c80aa9f28303

 

Error - 15.07.2012 22:22:15 | Computer Name = manfred-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 17.07.2012 01:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20

Description = 

 

Error - 17.07.2012 04:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20

Description = 

 

Error - 17.07.2012 07:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20

Description = 

 

Error - 18.07.2012 01:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20

Description = 

 

Error - 18.07.2012 04:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20

Description = 

 

Error - 20.07.2012 04:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20

Description = 

 

[ System Events ]

Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7000

Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers

 nicht gestartet:   %%1069

 

Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7038

Description = Der Dienst "PolicyAgent" konnte sich nicht als "NT Authority\NetworkService"

 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1352    Vergewissern

 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft

 Management Console (MMC).

 

Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7000

Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers

 nicht gestartet:   %%1069

 

Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7038

Description = Der Dienst "PolicyAgent" konnte sich nicht als "NT Authority\NetworkService"

 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1352    Vergewissern

 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft

 Management Console (MMC).

 

Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7000

Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers

 nicht gestartet:   %%1069

 

Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7038

Description = Der Dienst "PolicyAgent" konnte sich nicht als "NT Authority\NetworkService"

 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1352    Vergewissern

 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft

 Management Console (MMC).

 

Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7000

Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers

 nicht gestartet:   %%1069

 

Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7038

Description = Der Dienst "PolicyAgent" konnte sich nicht als "NT Authority\NetworkService"

 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1352    Vergewissern

 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft

 Management Console (MMC).

 

Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7000

Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers

 nicht gestartet:   %%1069

 

Error - 28.05.2012 13:07:48 | Computer Name = manfred-laptop | Source = BugCheck | ID = 1001

Description = 

 

 

< End of report >

--- --- ---
OTL Logfile:

Code:

OTL logfile created on: 28.10.2012 17:44:09 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\manfred\Desktop

 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,93 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 63,40% Memory free

5,85 Gb Paging File | 4,52 Gb Available in Paging File | 77,22% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 297,99 Gb Total Space | 221,36 Gb Free Space | 74,28% Space Free | Partition Type: NTFS

Drive F: | 24,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: MANFRED-LAPTOP | User Name: manfred | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\manfred\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)

PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Programme\Globe Broadband\Globe Broadband.exe ()

PRC - C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)

PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)

PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)

PRC - C:\Programme\PC Connectivity Solution\Transports\NclToBTSrv.exe (Nokia)

PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)

PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

PRC - C:\Programme\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll ()

MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll ()

MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll ()

MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\Programme\Globe Broadband\Globe Broadband.exe ()

MOD - C:\Programme\Nokia\Nokia Suite\ssoengine.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\securestorage.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\qjson.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QxtCore.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QxtWeb.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\NService.dll ()

MOD - C:\Windows\System32\IccLibDll.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\phonon4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtXml4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtSql4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtScript4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtGui4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtCore4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\OviShareLib.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\Maps Service API.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll ()

MOD - C:\Programme\Yahoo!\Messenger\yui.dll ()

MOD - C:\Programme\WinRAR\RarExt.dll ()

MOD - C:\Programme\Globe Broadband\NDISAPI.dll ()

MOD - C:\Programme\Globe Broadband\DeviceMgrUIPlugin.dll ()

MOD - C:\Programme\Globe Broadband\DeviceMgrPlugin.dll ()

MOD - C:\Programme\Globe Broadband\atcomm.dll ()

MOD - C:\Programme\Globe Broadband\SMSPlugin.dll ()

MOD - C:\Programme\Globe Broadband\DetectDev.dll ()

MOD - C:\Programme\Globe Broadband\LocaleMgrPlugin.dll ()

MOD - C:\Programme\Globe Broadband\FileManager.dll ()

MOD - C:\Programme\Globe Broadband\DialUpPlugin.dll ()

MOD - C:\Programme\Globe Broadband\CallPlugin.dll ()

MOD - C:\Programme\Globe Broadband\XCodec.dll ()

MOD - C:\Programme\Globe Broadband\DeviceOperate.dll ()

MOD - C:\Programme\Globe Broadband\ConfigFilePlugin.dll ()

MOD - C:\Programme\Globe Broadband\NotifyServicePlugin.dll ()

MOD - C:\Programme\Globe Broadband\isaputrace.dll ()

MOD - C:\Programme\Globe Broadband\NetInfoPlugin.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7f457271e765b5d72f081942b829469c\System.Data.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll ()

MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)

DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)

DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)

DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)

DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)

DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)

DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)

DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)

DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)

DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)

DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)

DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)

DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)

DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)

DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)

DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)

DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)

DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)

DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)

DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)

DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 91 5D E6 D0 EB CC 01  [binary data]

IE - HKCU\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: {C3949AC2-4B17-43ee-B4F1-D26B9D42404D}:15.0.5

FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2

FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120

FF - prefs.js..extensions.enabledAddons: printedit@DW-dev:8.9

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.02.19 17:39:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.03 15:40:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:32:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:32:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.03.14 22:28:06 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:32:12 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:32:10 | 000,000,000 | ---D | M]

 

[2012.02.15 17:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Extensions

[2012.10.28 01:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions

[2012.10.11 22:35:48 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

[2012.08.22 20:10:25 | 000,000,000 | ---D | M] (Avanquest App'-Anwendungsleiste Community Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}

[2012.10.16 00:44:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2012.05.20 10:56:27 | 000,009,693 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\java@flyordie.com.xpi

[2012.09.26 21:15:19 | 000,027,267 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\map@quickmaps.me.xpi

[2012.10.28 01:46:01 | 000,091,555 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\printedit@DW-dev.xpi

[2012.07.29 22:14:44 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.02.18 21:03:48 | 000,000,933 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\11-suche.xml

[2012.02.18 21:03:49 | 000,002,419 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\englische-ergebnisse.xml

[2012.02.18 21:03:48 | 000,010,525 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\gmx-suche.xml

[2012.02.18 21:03:49 | 000,002,457 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\lastminute.xml

[2012.02.18 21:03:48 | 000,005,508 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\webde-suche.xml

[2012.10.27 22:32:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.07.03 15:40:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

[2012.10.27 22:32:12 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.07.03 15:40:07 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

[2011.07.12 05:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

[2012.08.25 10:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.08.25 10:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.08.25 10:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.08.25 10:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.08.25 10:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.08.25 10:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - homepage: hxxp://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},

CHR - homepage: hxxp://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Facebook Desktop (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - Extension: Counter Strike (Flash-Version) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcbegflbljflchoahmigblmabofoinkh\1.0.1_0\

CHR - Extension: avast! WebRep = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1203_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: Plants vs Zombies = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\

 

O1 HOSTS File: ([2009.06.11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O2 - BHO: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Program Files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Avanquest App'-Anwendungsleiste Toolbar) - {1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [TaskTray]  File not found

O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)

O4 - HKLM..\Run: [USB Antivirus] C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab)

O4 - HKCU..\Run: []  File not found

O4 - HKCU..\Run: [Facebook Update] C:\Users\manfred\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)

O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)

O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21F0735F-35A1-4812-B527-E0E99412945B}: NameServer = 10.198.220.124 202.126.40.5

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CAE6AB4-F441-49C1-8BC4-17A07A1B4578}: NameServer = 10.68.80.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F44AEA-9C2D-4102-A3D6-B26516F71AFF}: DhcpNameServer = 124.106.7.2 124.106.5.2

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012.06.26 22:57:06 | 000,284,654 | ---- | M] () - C:\auto verkaufsschild.PNG -- [ NTFS ]

O32 - AutoRun File - [2009.06.11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2008.06.17 10:13:46 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell - "" = AutoRun

O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell - "" = AutoRun

O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 60 Days ==========

 

[2012.10.27 22:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2012.10.23 23:28:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe

[2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2012.10.22 10:52:57 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2012.10.20 23:01:44 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Neuer Ordner

[2012.10.04 12:25:34 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\tausch

[2012.09.27 10:40:52 | 000,000,000 | ---D | C] -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook

[2012.09.18 10:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012.09.10 17:52:30 | 000,000,000 | ---D | C] -- C:\Global karten

[2012.09.06 21:32:07 | 000,000,000 | R--D | C] -- C:\Users\manfred\Desktop\Schulbücher

[2012.09.06 20:56:14 | 000,000,000 | ---D | C] -- C:\ebay 2 handys gekauft

[2012.09.06 20:51:34 | 000,000,000 | ---D | C] -- C:\Alu Koffer schloss

[2012.09.05 23:24:42 | 000,000,000 | ---D | C] -- C:\silke schicken

[2012.09.04 18:54:40 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\BDO

[2012.09.02 21:47:55 | 000,000,000 | ---D | C] -- C:\elter schicken

 
 ========== Files - Modified Within 60 Days ==========

 

[2012.10.28 17:57:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.10.28 17:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.10.28 17:26:02 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job

[2012.10.28 16:39:14 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job

[2012.10.28 11:47:06 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.10.28 11:47:06 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.10.28 11:40:44 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.10.28 11:40:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.10.28 11:40:17 | 2357,612,544 | -HS- | M] () -- C:\hiberfil.sys

[2012.10.27 22:39:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job

[2012.10.27 20:00:54 | 000,001,284 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk

[2012.10.26 22:01:49 | 000,000,068 | ---- | M] () -- C:\Users\manfred\Desktop\001-Voyager - 725-26 - Endgame Part 1 - YouTube.URL

[2012.10.26 20:57:23 | 000,008,943 | ---- | M] () -- C:\Users\manfred\Desktop\11.PNG

[2012.10.26 19:27:37 | 000,405,354 | ---- | M] () -- C:\wvb,,mn (2).PNG

[2012.10.26 19:27:04 | 000,198,964 | ---- | M] () -- C:\wvb,,mn (1).PNG

[2012.10.26 14:55:53 | 000,000,150 | ---- | M] () -- C:\Users\manfred\Desktop\Neues Betriebssystem im Handel Microsoft lockt Windows 8-Kunden zum Start mit Kampfpreis - Computer - FOCUS Online - Nachric.URL

[2012.10.26 00:59:31 | 000,097,410 | ---- | M] () -- C:\Users\manfred\Desktop\1...PNG

[2012.10.24 11:26:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job

[2012.10.24 10:06:25 | 000,000,075 | ---- | M] () -- C:\Users\manfred\Desktop\Trojaner oder ............ - Trojaner-Board.URL

[2012.10.24 00:47:14 | 000,198,915 | ---- | M] () -- C:\Users\manfred\Desktop\cf.PNG

[2012.10.23 23:28:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe

[2012.10.23 23:21:13 | 000,131,064 | ---- | M] () -- C:\Users\manfred\Desktop\2.PNG

[2012.10.23 23:20:24 | 000,107,823 | ---- | M] () -- C:\Users\manfred\Desktop\1.PNG

[2012.10.23 22:30:16 | 000,158,675 | ---- | M] () -- C:\sdbgh.PNG

[2012.10.22 20:18:06 | 000,139,603 | ---- | M] () -- C:\Users\manfred\Desktop\fff.PNG

[2012.10.22 14:58:45 | 000,187,929 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG

[2012.10.22 14:57:19 | 000,172,824 | ---- | M] () -- C:\Users\manfred\Desktop\cdfr.PNG

[2012.10.20 14:53:33 | 000,012,493 | ---- | M] () -- C:\ght.PNG

[2012.10.19 22:33:11 | 000,000,049 | ---- | M] () -- C:\Users\manfred\Desktop\Blue-Book.URL

[2012.10.19 18:44:23 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.10.19 18:44:23 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.10.19 18:44:23 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.10.19 18:44:23 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.10.16 15:57:43 | 000,302,642 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG

[2012.10.12 13:11:30 | 000,000,087 | ---- | M] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL

[2012.10.11 22:42:26 | 000,000,095 | ---- | M] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL

[2012.10.11 21:08:48 | 000,000,061 | ---- | M] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL

[2012.10.11 21:08:42 | 000,000,063 | ---- | M] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL

[2012.10.11 20:55:29 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012.10.11 20:55:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012.10.11 20:27:55 | 000,002,459 | ---- | M] () -- C:\Users\manfred\Desktop\Google Chrome.lnk

[2012.10.10 20:39:59 | 000,000,078 | ---- | M] () -- C:\Sternzeichen deutsch - englisch.URL

[2012.10.10 19:35:18 | 000,000,076 | ---- | M] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL

[2012.10.09 15:56:10 | 000,045,056 | ---- | M] (Northern Codeworks) -- C:\Windows\NCUNINST.EXE

[2012.10.03 08:24:35 | 000,278,066 | ---- | M] () -- C:\am,,lk.PNG

[2012.10.03 08:20:55 | 000,026,876 | ---- | M] () -- C:\gg.PNG

[2012.10.03 08:02:01 | 000,000,145 | ---- | M] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL

[2012.10.02 23:09:54 | 000,054,649 | ---- | M] () -- C:\s1.PNG

[2012.10.02 23:02:46 | 000,086,347 | ---- | M] () -- C:\s.PNG

[2012.09.24 23:16:36 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2012.09.24 23:08:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2012.09.24 23:07:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2012.09.22 16:17:21 | 000,869,154 | ---- | M] () -- C:\12.PNG

[2012.09.18 19:57:04 | 174,755,821 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012.09.18 15:36:08 | 000,000,055 | ---- | M] () -- C:\Flüge Fluege Philippinen Thailand Asien Australien.URL

[2012.09.18 10:24:00 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll

[2012.09.18 10:24:00 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll

[2012.09.16 21:24:58 | 000,021,504 | ---- | M] () -- C:\Users\manfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.09.16 12:28:09 | 000,000,084 | ---- | M] () -- C:\Terra X - Faszination Erde - Philippinen - Inseln zwischen den Weltenwww.youtube.comTerra X - Faszination Erde - Philippinen.URL

[2012.09.14 20:14:24 | 000,000,066 | ---- | M] () -- C:\Users\manfred\Desktop\FreeTranslation Translate English English to Spanish Translation.URL

[2012.09.13 23:10:16 | 000,000,059 | ---- | M] () -- C:\Users\manfred\Desktop\PROMT - ein kostenloser Text - und Webseiten - Übersetzer - Englisch, Deutsch, Französisch, Spanisch, Portugiesisch (Brasili.URL

[2012.09.05 22:35:18 | 000,000,050 | ---- | M] () -- C:\Users\manfred\Desktop\Stadt Heilbronn.URL

[2012.08.30 23:20:10 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

 
 ========== Files Created - No Company Name ==========

 

[2012.10.26 22:01:49 | 000,000,068 | ---- | C] () -- C:\Users\manfred\Desktop\001-Voyager - 725-26 - Endgame Part 1 - YouTube.URL

[2012.10.26 20:57:22 | 000,008,943 | ---- | C] () -- C:\Users\manfred\Desktop\11.PNG

[2012.10.26 19:27:37 | 000,405,354 | ---- | C] () -- C:\wvb,,mn (2).PNG

[2012.10.26 19:27:04 | 000,198,964 | ---- | C] () -- C:\wvb,,mn (1).PNG

[2012.10.26 14:55:53 | 000,000,150 | ---- | C] () -- C:\Users\manfred\Desktop\Neues Betriebssystem im Handel Microsoft lockt Windows 8-Kunden zum Start mit Kampfpreis - Computer - FOCUS Online - Nachric.URL

[2012.10.26 00:59:31 | 000,097,410 | ---- | C] () -- C:\Users\manfred\Desktop\1...PNG

[2012.10.24 10:06:25 | 000,000,075 | ---- | C] () -- C:\Users\manfred\Desktop\Trojaner oder ............ - Trojaner-Board.URL

[2012.10.24 00:47:14 | 000,198,915 | ---- | C] () -- C:\Users\manfred\Desktop\cf.PNG

[2012.10.23 23:21:13 | 000,131,064 | ---- | C] () -- C:\Users\manfred\Desktop\2.PNG

[2012.10.23 23:20:24 | 000,107,823 | ---- | C] () -- C:\Users\manfred\Desktop\1.PNG

[2012.10.23 22:30:16 | 000,158,675 | ---- | C] () -- C:\sdbgh.PNG

[2012.10.22 20:18:06 | 000,139,603 | ---- | C] () -- C:\Users\manfred\Desktop\fff.PNG

[2012.10.22 14:58:45 | 000,187,929 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG

[2012.10.22 14:57:18 | 000,172,824 | ---- | C] () -- C:\Users\manfred\Desktop\cdfr.PNG

[2012.10.20 14:53:33 | 000,012,493 | ---- | C] () -- C:\ght.PNG

[2012.10.19 22:33:11 | 000,000,049 | ---- | C] () -- C:\Users\manfred\Desktop\Blue-Book.URL

[2012.10.16 15:57:43 | 000,302,642 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG

[2012.10.12 13:11:30 | 000,000,087 | ---- | C] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL

[2012.10.11 22:42:26 | 000,000,095 | ---- | C] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL

[2012.10.11 21:08:48 | 000,000,061 | ---- | C] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL

[2012.10.11 21:08:42 | 000,000,063 | ---- | C] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL

[2012.10.10 20:39:59 | 000,000,078 | ---- | C] () -- C:\Sternzeichen deutsch - englisch.URL

[2012.10.10 19:35:18 | 000,000,076 | ---- | C] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL

[2012.10.03 08:24:35 | 000,278,066 | ---- | C] () -- C:\am,,lk.PNG

[2012.10.03 08:20:55 | 000,026,876 | ---- | C] () -- C:\gg.PNG

[2012.10.03 08:02:01 | 000,000,145 | ---- | C] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL

[2012.10.02 23:09:54 | 000,054,649 | ---- | C] () -- C:\s1.PNG

[2012.10.02 23:02:46 | 000,086,347 | ---- | C] () -- C:\s.PNG

[2012.09.22 16:17:21 | 000,869,154 | ---- | C] () -- C:\12.PNG

[2012.09.18 15:36:08 | 000,000,055 | ---- | C] () -- C:\Flüge Fluege Philippinen Thailand Asien Australien.URL

[2012.09.16 12:28:09 | 000,000,084 | ---- | C] () -- C:\Terra X - Faszination Erde - Philippinen - Inseln zwischen den Weltenwww.youtube.comTerra X - Faszination Erde - Philippinen.URL

[2012.09.14 20:14:24 | 000,000,066 | ---- | C] () -- C:\Users\manfred\Desktop\FreeTranslation Translate English English to Spanish Translation.URL

[2012.09.13 23:10:16 | 000,000,059 | ---- | C] () -- C:\Users\manfred\Desktop\PROMT - ein kostenloser Text - und Webseiten - Übersetzer - Englisch, Deutsch, Französisch, Spanisch, Portugiesisch (Brasili.URL

[2012.09.05 22:35:18 | 000,000,050 | ---- | C] () -- C:\Users\manfred\Desktop\Stadt Heilbronn.URL

[2012.09.01 18:28:56 | 000,017,862 | ---- | C] () -- C:\Unbe-adpost.PNG

[2012.09.01 18:28:56 | 000,007,443 | ---- | C] () -- C:\Unbenannt olx.PNG

[2012.09.01 18:28:27 | 000,083,971 | ---- | C] () -- C:\lichtspiel.jpg

[2012.09.01 18:28:13 | 000,026,685 | ---- | C] () -- C:\email = mt.phil62@yahoo.com.PNG

[2012.09.01 18:28:07 | 000,069,263 | ---- | C] () -- C:\ddddddddddddddddddd.PNG

[2012.09.01 18:28:07 | 000,031,374 | ---- | C] () -- C:\email = gerber_ulrich@yahoo.com.PNG

[2012.09.01 18:28:07 | 000,023,064 | ---- | C] () -- C:\ebay dat.PNG

[2012.09.01 18:28:07 | 000,021,980 | ---- | C] () -- C:\email=pauloate@yahoo.com.PNG

[2012.08.30 23:20:10 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.02.19 12:31:33 | 000,021,504 | ---- | C] () -- C:\Users\manfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.02.15 18:58:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2012.02.15 18:58:10 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2012.02.15 18:58:07 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2012.02.15 18:58:07 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2012.02.15 18:58:07 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2012.02.15 18:37:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

[2012.01.11 05:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin

[2012.01.11 05:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin

[2012.01.11 05:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin

[2012.01.11 04:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll

[2012.01.11 04:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

[2012.01.11 04:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 09:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== Files - Unicode (All) ==========

[2012.07.01 11:32:34 | 000,000,084 | ---- | M] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね／大島優子 フォト ムービー - YouTube.URL

[2012.07.01 11:32:34 | 000,000,084 | ---- | C] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね／大島優子 フォト ムービー - YouTube.URL

[2012.03.28 18:14:06 | 000,000,091 | ---- | M] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL

[2012.03.28 18:14:06 | 000,000,091 | ---- | C] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL
 

< End of report >

--- --- ---

habe nun nochmal gescant .

ist das nun richtig ???:killpc::killpc:

du sollst im otl programm in das eingabefeld den text aus der codebox reinkopieren und dann auf quick scan klicken

OTL Logfile:
OTL Logfile:

Code:

OTL logfile created on: 30.10.2012 05:02:47 - Run 10

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\manfred\Desktop

 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,93 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 54,22% Memory free

5,85 Gb Paging File | 4,35 Gb Available in Paging File | 74,37% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 297,99 Gb Total Space | 221,27 Gb Free Space | 74,25% Space Free | Partition Type: NTFS

Drive F: | 24,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: MANFRED-LAPTOP | User Name: manfred | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\manfred\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)

PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Programme\Globe Broadband\Globe Broadband.exe ()

PRC - C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)

PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)

PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)

PRC - C:\Programme\PC Connectivity Solution\Transports\NclToBTSrv.exe (Nokia)

PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)

PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

PRC - C:\Programme\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)

PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll ()

MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll ()

MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll ()

MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\Programme\Globe Broadband\Globe Broadband.exe ()

MOD - C:\Programme\Nokia\Nokia Suite\ssoengine.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\securestorage.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\qjson.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QxtCore.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QxtWeb.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\NService.dll ()

MOD - C:\Windows\System32\IccLibDll.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\phonon4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtXml4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtSql4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtScript4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtGui4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\QtCore4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\OviShareLib.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\Maps Service API.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll ()

MOD - C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll ()

MOD - C:\Programme\Yahoo!\Messenger\yui.dll ()

MOD - C:\Programme\WinRAR\RarExt.dll ()

MOD - C:\Programme\Globe Broadband\NDISAPI.dll ()

MOD - C:\Programme\Globe Broadband\DeviceMgrUIPlugin.dll ()

MOD - C:\Programme\Globe Broadband\DeviceMgrPlugin.dll ()

MOD - C:\Programme\Globe Broadband\atcomm.dll ()

MOD - C:\Programme\Globe Broadband\SMSPlugin.dll ()

MOD - C:\Programme\Globe Broadband\DetectDev.dll ()

MOD - C:\Programme\Globe Broadband\LocaleMgrPlugin.dll ()

MOD - C:\Programme\Globe Broadband\FileManager.dll ()

MOD - C:\Programme\Globe Broadband\DialUpPlugin.dll ()

MOD - C:\Programme\Globe Broadband\CallPlugin.dll ()

MOD - C:\Programme\Globe Broadband\XCodec.dll ()

MOD - C:\Programme\Globe Broadband\DeviceOperate.dll ()

MOD - C:\Programme\Globe Broadband\ConfigFilePlugin.dll ()

MOD - C:\Programme\Globe Broadband\NotifyServicePlugin.dll ()

MOD - C:\Programme\Globe Broadband\isaputrace.dll ()

MOD - C:\Programme\Globe Broadband\NetInfoPlugin.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7f457271e765b5d72f081942b829469c\System.Data.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll ()

MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)

DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)

DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)

DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)

DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)

DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)

DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)

DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)

DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)

DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)

DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)

DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)

DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)

DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)

DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)

DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)

DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)

DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)

DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)

DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)

DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 91 5D E6 D0 EB CC 01  [binary data]

IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: {C3949AC2-4B17-43ee-B4F1-D26B9D42404D}:15.0.5

FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2

FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120

FF - prefs.js..extensions.enabledAddons: printedit@DW-dev:8.9

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.02.19 17:39:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.03 15:40:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:32:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:32:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.03.14 22:28:06 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:32:12 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:32:10 | 000,000,000 | ---D | M]

 

[2012.02.15 17:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Extensions

[2012.10.28 01:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions

[2012.10.11 22:35:48 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

[2012.08.22 20:10:25 | 000,000,000 | ---D | M] (Avanquest App'-Anwendungsleiste Community Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}

[2012.10.16 00:44:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2012.05.20 10:56:27 | 000,009,693 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\java@flyordie.com.xpi

[2012.09.26 21:15:19 | 000,027,267 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\map@quickmaps.me.xpi

[2012.10.28 01:46:01 | 000,091,555 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\printedit@DW-dev.xpi

[2012.07.29 22:14:44 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.02.18 21:03:48 | 000,000,933 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\11-suche.xml

[2012.02.18 21:03:49 | 000,002,419 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\englische-ergebnisse.xml

[2012.02.18 21:03:48 | 000,010,525 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\gmx-suche.xml

[2012.02.18 21:03:49 | 000,002,457 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\lastminute.xml

[2012.02.18 21:03:48 | 000,005,508 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\webde-suche.xml

[2012.10.27 22:32:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.07.03 15:40:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

[2012.10.27 22:32:12 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.07.03 15:40:07 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

[2011.07.12 05:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

[2012.08.25 10:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.08.25 10:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.08.25 10:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.08.25 10:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.08.25 10:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.08.25 10:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - homepage: hxxp://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},

CHR - homepage: hxxp://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Facebook Desktop (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - Extension: Counter Strike (Flash-Version) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcbegflbljflchoahmigblmabofoinkh\1.0.1_0\

CHR - Extension: avast! WebRep = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1203_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: Plants vs Zombies = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\

 

O1 HOSTS File: ([2009.06.11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O2 - BHO: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Program Files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\Toolbar\WebBrowser: (Avanquest App'-Anwendungsleiste Toolbar) - {1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [TaskTray]  File not found

O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)

O4 - HKLM..\Run: [USB Antivirus] C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab)

O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: []  File not found

O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: [Facebook Update] C:\Users\manfred\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)

O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CAE6AB4-F441-49C1-8BC4-17A07A1B4578}: NameServer = 10.68.80.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F44AEA-9C2D-4102-A3D6-B26516F71AFF}: DhcpNameServer = 124.106.7.2 124.106.5.2

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012.06.26 22:57:06 | 000,284,654 | ---- | M] () - C:\auto verkaufsschild.PNG -- [ NTFS ]

O32 - AutoRun File - [2009.06.11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2008.06.17 10:13:46 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell - "" = AutoRun

O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell - "" = AutoRun

O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.10.27 22:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2012.10.23 23:28:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe

[2012.10.20 23:01:44 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Neuer Ordner

[2012.10.04 12:25:34 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\tausch

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.10.30 04:57:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.10.30 04:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.10.30 04:39:05 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job

[2012.10.30 04:26:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job

[2012.10.29 22:39:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job

[2012.10.29 19:39:16 | 000,001,284 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk

[2012.10.29 14:44:08 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.10.29 14:44:08 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.10.29 14:39:11 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.10.29 14:38:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.10.29 14:38:52 | 2357,612,544 | -HS- | M] () -- C:\hiberfil.sys

[2012.10.26 20:57:23 | 000,008,943 | ---- | M] () -- C:\Users\manfred\Desktop\11.PNG

[2012.10.26 19:27:37 | 000,405,354 | ---- | M] () -- C:\wvb,,mn (2).PNG

[2012.10.26 19:27:04 | 000,198,964 | ---- | M] () -- C:\wvb,,mn (1).PNG

[2012.10.26 14:55:53 | 000,000,150 | ---- | M] () -- C:\Users\manfred\Desktop\Neues Betriebssystem im Handel Microsoft lockt Windows 8-Kunden zum Start mit Kampfpreis - Computer - FOCUS Online - Nachric.URL

[2012.10.26 00:59:31 | 000,097,410 | ---- | M] () -- C:\Users\manfred\Desktop\1...PNG

[2012.10.24 11:26:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job

[2012.10.24 10:06:25 | 000,000,075 | ---- | M] () -- C:\Users\manfred\Desktop\Trojaner oder ............ - Trojaner-Board.URL

[2012.10.23 23:28:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe

[2012.10.23 23:21:13 | 000,131,064 | ---- | M] () -- C:\Users\manfred\Desktop\2.PNG

[2012.10.23 23:20:24 | 000,107,823 | ---- | M] () -- C:\Users\manfred\Desktop\1.PNG

[2012.10.23 22:30:16 | 000,158,675 | ---- | M] () -- C:\sdbgh.PNG

[2012.10.22 20:18:06 | 000,139,603 | ---- | M] () -- C:\Users\manfred\Desktop\fff.PNG

[2012.10.22 14:58:45 | 000,187,929 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG

[2012.10.22 14:57:19 | 000,172,824 | ---- | M] () -- C:\Users\manfred\Desktop\cdfr.PNG

[2012.10.20 14:53:33 | 000,012,493 | ---- | M] () -- C:\ght.PNG

[2012.10.19 22:33:11 | 000,000,049 | ---- | M] () -- C:\Users\manfred\Desktop\Blue-Book.URL

[2012.10.19 18:44:23 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.10.19 18:44:23 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.10.19 18:44:23 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.10.19 18:44:23 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.10.16 15:57:43 | 000,302,642 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG

[2012.10.12 13:11:30 | 000,000,087 | ---- | M] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL

[2012.10.11 22:42:26 | 000,000,095 | ---- | M] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL

[2012.10.11 21:08:48 | 000,000,061 | ---- | M] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL

[2012.10.11 21:08:42 | 000,000,063 | ---- | M] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL

[2012.10.11 20:27:55 | 000,002,459 | ---- | M] () -- C:\Users\manfred\Desktop\Google Chrome.lnk

[2012.10.10 20:39:59 | 000,000,078 | ---- | M] () -- C:\Sternzeichen deutsch - englisch.URL

[2012.10.10 19:35:18 | 000,000,076 | ---- | M] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL

[2012.10.09 15:56:10 | 000,045,056 | ---- | M] (Northern Codeworks) -- C:\Windows\NCUNINST.EXE

[2012.10.03 08:24:35 | 000,278,066 | ---- | M] () -- C:\am,,lk.PNG

[2012.10.03 08:20:55 | 000,026,876 | ---- | M] () -- C:\gg.PNG

[2012.10.03 08:02:01 | 000,000,145 | ---- | M] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL

[2012.10.02 23:09:54 | 000,054,649 | ---- | M] () -- C:\s1.PNG

[2012.10.02 23:02:46 | 000,086,347 | ---- | M] () -- C:\s.PNG

 
 ========== Files Created - No Company Name ==========

 

[2012.10.26 20:57:22 | 000,008,943 | ---- | C] () -- C:\Users\manfred\Desktop\11.PNG

[2012.10.26 19:27:37 | 000,405,354 | ---- | C] () -- C:\wvb,,mn (2).PNG

[2012.10.26 19:27:04 | 000,198,964 | ---- | C] () -- C:\wvb,,mn (1).PNG

[2012.10.26 14:55:53 | 000,000,150 | ---- | C] () -- C:\Users\manfred\Desktop\Neues Betriebssystem im Handel Microsoft lockt Windows 8-Kunden zum Start mit Kampfpreis - Computer - FOCUS Online - Nachric.URL

[2012.10.26 00:59:31 | 000,097,410 | ---- | C] () -- C:\Users\manfred\Desktop\1...PNG

[2012.10.24 10:06:25 | 000,000,075 | ---- | C] () -- C:\Users\manfred\Desktop\Trojaner oder ............ - Trojaner-Board.URL

[2012.10.23 23:21:13 | 000,131,064 | ---- | C] () -- C:\Users\manfred\Desktop\2.PNG

[2012.10.23 23:20:24 | 000,107,823 | ---- | C] () -- C:\Users\manfred\Desktop\1.PNG

[2012.10.23 22:30:16 | 000,158,675 | ---- | C] () -- C:\sdbgh.PNG

[2012.10.22 20:18:06 | 000,139,603 | ---- | C] () -- C:\Users\manfred\Desktop\fff.PNG

[2012.10.22 14:58:45 | 000,187,929 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG

[2012.10.22 14:57:18 | 000,172,824 | ---- | C] () -- C:\Users\manfred\Desktop\cdfr.PNG

[2012.10.20 14:53:33 | 000,012,493 | ---- | C] () -- C:\ght.PNG

[2012.10.19 22:33:11 | 000,000,049 | ---- | C] () -- C:\Users\manfred\Desktop\Blue-Book.URL

[2012.10.16 15:57:43 | 000,302,642 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG

[2012.10.12 13:11:30 | 000,000,087 | ---- | C] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL

[2012.10.11 22:42:26 | 000,000,095 | ---- | C] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL

[2012.10.11 21:08:48 | 000,000,061 | ---- | C] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL

[2012.10.11 21:08:42 | 000,000,063 | ---- | C] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL

[2012.10.10 20:39:59 | 000,000,078 | ---- | C] () -- C:\Sternzeichen deutsch - englisch.URL

[2012.10.10 19:35:18 | 000,000,076 | ---- | C] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL

[2012.10.03 08:24:35 | 000,278,066 | ---- | C] () -- C:\am,,lk.PNG

[2012.10.03 08:20:55 | 000,026,876 | ---- | C] () -- C:\gg.PNG

[2012.10.03 08:02:01 | 000,000,145 | ---- | C] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL

[2012.10.02 23:09:54 | 000,054,649 | ---- | C] () -- C:\s1.PNG

[2012.10.02 23:02:46 | 000,086,347 | ---- | C] () -- C:\s.PNG

[2012.02.19 12:31:33 | 000,021,504 | ---- | C] () -- C:\Users\manfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.02.15 18:58:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2012.02.15 18:58:10 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2012.02.15 18:58:07 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2012.02.15 18:58:07 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2012.02.15 18:58:07 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2012.02.15 18:37:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

[2012.01.11 05:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin

[2012.01.11 05:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin

[2012.01.11 05:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin

[2012.01.11 04:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll

[2012.01.11 04:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

[2012.01.11 04:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 09:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2012.02.21 01:07:20 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Farm Mania

[2012.02.15 18:51:53 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\GrabPro

[2012.03.14 00:22:22 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\IrfanView

[2012.05.11 11:11:08 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Lingo4u

[2012.03.14 22:31:14 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Nokia

[2012.04.20 19:43:51 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\OpenOffice.org

[2012.06.19 13:02:13 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Orbit

[2012.03.30 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\PC Suite

[2012.02.15 18:52:00 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\ProgSense

[2012.07.29 00:11:35 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Toshiba

[2012.03.21 23:37:37 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\uTorrent

[2012.09.13 18:27:08 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Wildfire

[2012.03.16 15:41:59 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\WinBatch

[2012.02.22 08:52:59 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Windows SideBar

[2012.02.15 16:53:29 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Zbshareware Lab

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < OTL logfile created on: 30.10.2012 04:37:55 - Run 9 >

[2009.07.14 12:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2009.07.14 12:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

[2012.02.19 11:33:05 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

[2012.02.19 11:33:06 | 000,001,100 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

[2012.02.29 01:03:23 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job

[2012.02.29 01:03:24 | 000,001,146 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job

[2012.04.13 10:50:10 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

[2012.05.17 21:09:41 | 000,001,076 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job

[2012.05.17 21:09:42 | 000,001,128 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job

 
 < OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\manfred\Desktop >

 
 <  Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation >

 
 < Internet Explorer (Version = 8.0.7600.16385) >

 
 < Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy >

 
 <   >

 
 < 2,93 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 54,25% Memory free >

 
 < 5,85 Gb Paging File | 4,36 Gb Available in Paging File | 74,46% Paging File free >

 
 < Paging file location(s): ?:\pagefile.sys [binary data] >

 
 <   >

 
 < %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files >

 
 < Drive C: | 297,99 Gb Total Space | 221,29 Gb Free Space | 74,26% Space Free | Partition Type: NTFS >

 
 < Drive F: | 24,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS >

 
 <   >

 
 < Computer Name: MANFRED-LAPTOP | User Name: manfred | Logged in as Administrator. >

 
 < Boot Mode: Normal | Scan Mode: All users >

 
 < Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days >

 
 <   >

 
 < ========== Processes (SafeList) ========== >

Invalid Switch: color]

 
 <   >

 
 < PRC - C:\Users\manfred\Desktop\OTL.exe (OldTimer Tools) >

 
 < PRC - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook) >

 
 < PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) >

 
 < PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) >

 
 < PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) >

 
 < PRC - C:\Programme\Globe Broadband\Globe Broadband.exe () >

 
 < PRC - C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) >

 
 < PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) >

 
 < PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) >

 
 < PRC - C:\Programme\PC Connectivity Solution\Transports\NclToBTSrv.exe (Nokia) >

 
 < PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia) >

 
 < PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) >

 
 < PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) >

 
 < PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) >

 
 < PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) >

 
 < PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) >

 
 < PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.) >

 
 < PRC - C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab) >

 
 < PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.) >

 
 < PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) >

 
 < PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) >

 
 < PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) >

 
 < PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) >

 
 < PRC - C:\Programme\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) >

 
 < PRC - C:\Windows\explorer.exe (Microsoft Corporation) >

 
 < PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) >

 
 < PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) >

 
 < PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) >

 
 < PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.) >

 
 < PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) >

 
 <   >

 
 <   >

 
 < ========== Modules (No Company Name) ========== >

Invalid Switch: color]

 
 <   >

 
 < MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll () >

 
 < MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll () >

 
 < MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll () >

 
 < MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () >

 
 < MOD - C:\Programme\Globe Broadband\Globe Broadband.exe () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\ssoengine.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\securestorage.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\qjson.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\QxtCore.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\QxtWeb.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\NService.dll () >

 
 < MOD - C:\Windows\System32\IccLibDll.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\phonon4.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\QtXml4.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\QtSql4.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\QtScript4.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\QtGui4.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\QtCore4.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\OviShareLib.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\Maps Service API.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll () >

 
 < MOD - C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll () >

 
 < MOD - C:\Programme\Yahoo!\Messenger\yui.dll () >

 
 < MOD - C:\Programme\WinRAR\RarExt.dll () >

 
 < MOD - C:\Programme\Globe Broadband\NDISAPI.dll () >

 
 < MOD - C:\Programme\Globe Broadband\DeviceMgrUIPlugin.dll () >

 
 < MOD - C:\Programme\Globe Broadband\DeviceMgrPlugin.dll () >

 
 < MOD - C:\Programme\Globe Broadband\atcomm.dll () >

 
 < MOD - C:\Programme\Globe Broadband\SMSPlugin.dll () >

 
 < MOD - C:\Programme\Globe Broadband\DetectDev.dll () >

 
 < MOD - C:\Programme\Globe Broadband\LocaleMgrPlugin.dll () >

 
 < MOD - C:\Programme\Globe Broadband\FileManager.dll () >

 
 < MOD - C:\Programme\Globe Broadband\DialUpPlugin.dll () >

 
 < MOD - C:\Programme\Globe Broadband\CallPlugin.dll () >

 
 < MOD - C:\Programme\Globe Broadband\XCodec.dll () >

 
 < MOD - C:\Programme\Globe Broadband\DeviceOperate.dll () >

 
 < MOD - C:\Programme\Globe Broadband\ConfigFilePlugin.dll () >

 
 < MOD - C:\Programme\Globe Broadband\NotifyServicePlugin.dll () >

 
 < MOD - C:\Programme\Globe Broadband\isaputrace.dll () >

 
 < MOD - C:\Programme\Globe Broadband\NetInfoPlugin.dll () >

 
 < MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () >

 
 < MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () >

 
 < MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll () >

 
 < MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7f457271e765b5d72f081942b829469c\System.Data.ni.dll () >

 
 < MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll () >

 
 < MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll () >

 
 < MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll () >

 
 < MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll () >

 
 < MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll () >

 
 < MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll () >

 
 < MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () >

 
 <   >

 
 <   >

 
 < ========== Services (SafeList) ========== >

Invalid Switch: color]

 
 <   >

 
 < SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) >

 
 < SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) >

 
 < SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) >

 
 < SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) >

 
 < SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) >

 
 < SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) >

 
 < SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) >

 
 < SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) >

 
 < SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) >

 
 < SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) >

 
 < SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) >

 
 < SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) >

 
 < SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) >

 
 <   >

 
 <   >

 
 < ========== Driver Services (SafeList) ========== >

Invalid Switch: color]

 
 <   >

 
 < DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) >

 
 < DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) >

 
 < DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) >

 
 < DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) >

 
 < DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia) >

 
 < DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) >

 
 < DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia) >

 
 < DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) >

 
 < DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) >

 
 < DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) >

 
 < DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) >

 
 < DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) >

 
 < DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) >

 
 < DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project) >

 
 < DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.) >

 
 < DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) >

 
 < DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) >

 
 < DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation) >

 
 < DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation) >

 
 < DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) >

 
 < DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation) >

 
 < DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation) >

 
 < DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) >

 
 < DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) >

 
 < DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) >

 
 < DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) >

 
 < DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.) >

 
 < DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) >

 
 < DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) >

 
 < DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) >

 
 < DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) >

 
 < DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) >

 
 < DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) >

 
 < DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation) >

 
 < DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation) >

 
 < DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) >

 
 < DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation) >

 
 <   >

 
 <   >

 
 < ========== Standard Registry (SafeList) ========== >

Invalid Switch: color]

 
 <   >

 
 <   >

 
 < ========== Internet Explorer ========== >

Invalid Switch: color]

 
 <   >

 
 < IE - HKLM\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) >

 
 < IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} >

 
 < IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC >

 
 <   >

 
 <   >

 
 < IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >

 
 <   >

 
 < IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >

 
 <   >

 
 <   >

 
 <   >

 
 < IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ >

Invalid Switch: 

 
 < IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp >

Invalid Switch: ?ocid=iehp

 
 < IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de >

 
 < IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 91 5D E6 D0 EB CC 01  [binary data] >

 
 < IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) >

 
 < IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} >

 
 < IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC >

 
 < IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >

 
 <   >

 
 < ========== FireFox ========== >

Invalid Switch: color]

 
 <   >

 
 < FF - prefs.js..extensions.enabledAddons: {C3949AC2-4B17-43ee-B4F1-D26B9D42404D}:15.0.5 >

 
 < FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2 >

 
 < FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120 >

 
 < FF - prefs.js..extensions.enabledAddons: printedit@DW-dev:8.9 >

 
 <   >

 
 <   >

 
 < FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () >

Invalid Switch: FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

 
 < FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) >

Invalid Switch: ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)

 
 < FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) >

Invalid Switch: GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

 
 < FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) >

Invalid Switch: DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

 
 < FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) >

Invalid Switch: JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

 
 < FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) >

Invalid Switch: YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

 
 < FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) >

Invalid Switch: NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

 
 < FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) >

Invalid Switch: nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

 
 < FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) >

Invalid Switch: nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

 
 < FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) >

Invalid Switch: nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

 
 < FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) >

Invalid Switch: nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

 
 < FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) >

Invalid Switch: nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

 
 < FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) >

Invalid Switch: Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 
 < FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) >

Invalid Switch: Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 
 < FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) >

 
 < FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) >

Invalid Switch: Facebook Video Calling Plugin: C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

 
 < FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) >

Invalid Switch: GoogleTalkPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

 
 < FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () >

Invalid Switch: O3DPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

 
 < FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) >

Invalid Switch: Google Update;version=3: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 
 < FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) >

Invalid Switch: Google Update;version=9: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 
 < FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.) >

Invalid Switch: fbDesktopPlugin: C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)

 
 <   >

 
 < FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.02.19 17:39:44 | 000,000,000 | ---D | M] >

 
 < FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.03 15:40:31 | 000,000,000 | ---D | M] >

 
 < FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:32:12 | 000,000,000 | ---D | M] >

 
 < FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:32:10 | 000,000,000 | ---D | M] >

 
 < FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.03.14 22:28:06 | 000,000,000 | ---D | M] >

 
 < FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:32:12 | 000,000,000 | ---D | M] >

 
 < FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:32:10 | 000,000,000 | ---D | M] >

 
 <   >

 
 < [2012.02.15 17:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Extensions >

 
 < [2012.10.28 01:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions >

 
 < [2012.10.11 22:35:48 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} >

 
 < [2012.08.22 20:10:25 | 000,000,000 | ---D | M] (Avanquest App'-Anwendungsleiste Community Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3} >

 
 < [2012.10.16 00:44:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} >

 
 < [2012.05.20 10:56:27 | 000,009,693 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\java@flyordie.com.xpi >

 
 < [2012.09.26 21:15:19 | 000,027,267 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\map@quickmaps.me.xpi >

 
 < [2012.10.28 01:46:01 | 000,091,555 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\printedit@DW-dev.xpi >

 
 < [2012.07.29 22:14:44 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi >

 
 < [2012.02.18 21:03:48 | 000,000,933 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\11-suche.xml >

 
 < [2012.02.18 21:03:49 | 000,002,419 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\englische-ergebnisse.xml >

 
 < [2012.02.18 21:03:48 | 000,010,525 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\gmx-suche.xml >

 
 < [2012.02.18 21:03:49 | 000,002,457 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\lastminute.xml >

 
 < [2012.02.18 21:03:48 | 000,005,508 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\webde-suche.xml >

 
 < [2012.10.27 22:32:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions >

 
 < [2012.07.03 15:40:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT >

 
 < [2012.10.27 22:32:12 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll >

 
 < [2012.07.03 15:40:07 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll >

 
 < [2011.07.12 05:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll >

 
 < [2012.08.25 10:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml >

 
 < [2012.08.25 10:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml >

 
 < [2012.08.25 10:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml >

 
 < [2012.08.25 10:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml >

 
 < [2012.08.25 10:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml >

 
 < [2012.08.25 10:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml >

 
 <   >

 
 < ========== Chrome  ========== >

Invalid Switch: color]

 
 <   >

 
 < CHR - homepage: hxxp://www.google.com/ >

Invalid Switch: 

 
 < CHR - default_search_provider: Google (Enabled) >

 
 < CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} >

 
 < CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, >

 
 < CHR - homepage: hxxp://www.google.com/ >

Invalid Switch: 

 
 < CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer >

 
 < CHR - plugin: Native Client (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll >

 
 < CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll >

 
 < CHR - plugin: Shockwave Flash (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll >

 
 < CHR - plugin: Shockwave Flash (Disabled) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll >

 
 < CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll >

 
 < CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll >

 
 < CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll >

 
 < CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll >

 
 < CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll >

 
 < CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll >

 
 < CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll >

 
 < CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll >

 
 < CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll >

 
 < CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll >

 
 < CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll >

 
 < CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll >

 
 < CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll >

 
 < CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll >

 
 < CHR - plugin: Facebook Desktop (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll >

 
 < CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll >

 
 < CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll >

 
 < CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll >

 
 < CHR - Extension: Counter Strike (Flash-Version) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcbegflbljflchoahmigblmabofoinkh\1.0.1_0\ >

 
 < CHR - Extension: avast! WebRep = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1203_0\ >

 
 < CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ >

 
 < CHR - Extension: Plants vs Zombies = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\ >

 
 <   >

 
 < O1 HOSTS File: ([2009.06.11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts >

 
 < O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) >

 
 < O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) >

 
 < O2 - BHO: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Program Files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) >

 
 < O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) >

 
 < O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) >

 
 < O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) >

 
 < O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) >

 
 < O3 - HKLM\..\Toolbar: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) >

 
 < O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) >

 
 < O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () >

 
 < O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) >

 
 < O3 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\Toolbar\WebBrowser: (Avanquest App'-Anwendungsleiste Toolbar) - {1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) >

 
 < O3 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () >

 
 < O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) >

 
 < O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) >

 
 < O4 - HKLM..\Run: [TaskTray]  File not found >

 
 < O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) >

 
 < O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) >

 
 < O4 - HKLM..\Run: [USB Antivirus] C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab) >

 
 < O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: []  File not found >

 
 < O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: [Facebook Update] C:\Users\manfred\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) >

 
 < O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) >

 
 < O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) >

 
 < O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) >

 
 < O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) >

 
 < O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook) >

 
 < O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () >

 
 < O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 >

 
 < O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 >

 
 < O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) >

 
 < O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) >

 
 < O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) >

 
 < O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) >

 
 < O13 - gopher Prefix: missing >

 
 < O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) >

Invalid Switch: jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)

 
 < O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) >

Invalid Switch: jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

 
 < O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) >

Invalid Switch: jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

 
 < O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) >

Invalid Switch: jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)

 
 < O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CAE6AB4-F441-49C1-8BC4-17A07A1B4578}: NameServer = 10.68.80.1 >

 
 < O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F44AEA-9C2D-4102-A3D6-B26516F71AFF}: DhcpNameServer = 124.106.7.2 124.106.5.2 >

 
 < O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) >

 
 < O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) >

 
 < O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) >

 
 < O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) >

 
 < O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. >

 
 < O32 - HKLM CDRom: AutoRun - 1 >

 
 < O32 - AutoRun File - [2012.06.26 22:57:06 | 000,284,654 | ---- | M] () - C:\auto verkaufsschild.PNG -- [ NTFS ] >

 
 < O32 - AutoRun File - [2009.06.11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] >

 
 < O32 - AutoRun File - [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ] >

 
 < O32 - AutoRun File - [2008.06.17 10:13:46 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] >

 
 < O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell - "" = AutoRun >

 
 < O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe >

 
 < O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell - "" = AutoRun >

 
 < O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe >

 
 < O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell - "" = AutoRun >

 
 < O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) >

 
 < O33 - MountPoints2\E\Shell - "" = AutoRun >

 
 < O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe >

 
 < O33 - MountPoints2\F\Shell - "" = AutoRun >

 
 < O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) >

 
 < O34 - HKLM BootExecute: (autocheck autochk *) >

 
 < O35 - HKLM\..comfile [open] -- "%1" %* >

 
 < O35 - HKLM\..exefile [open] -- "%1" %* >

 
 < O37 - HKLM\...com [@ = comfile] -- "%1" %* >

 
 < O37 - HKLM\...exe [@ = exefile] -- "%1" %* >

 
 < O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) >

 
 < O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) >

 
 < O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) >

 
 <   >

 
 < ========== Files/Folders - Created Within 30 Days ========== >

Invalid Switch: color]

 
 <   >

 
 < [2012.10.27 22:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox >

 
 < [2012.10.23 23:28:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe >

 
 < [2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe >

 
 < [2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe >

 
 < [2012.10.22 10:52:57 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll >

 
 < [2012.10.20 23:01:44 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Neuer Ordner >

 
 < [2012.10.04 12:25:34 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\tausch >

 
 <   >

 
 < ========== Files - Modified Within 30 Days ========== >

Invalid Switch: color]

 
 <   >

 
 < [2012.10.30 04:39:05 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job >

 
 < [2012.10.30 04:26:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job >

 
 < [2012.10.30 03:57:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job >

 
 < [2012.10.30 03:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job >

 
 < [2012.10.29 22:39:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job >

 
 < [2012.10.29 19:39:16 | 000,001,284 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk >

 
 < [2012.10.29 14:44:08 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 >

 
 < [2012.10.29 14:44:08 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 >

 
 < [2012.10.29 14:39:11 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job >

 
 < [2012.10.29 14:38:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat >

 
 < [2012.10.29 14:38:52 | 2357,612,544 | -HS- | M] () -- C:\hiberfil.sys >

 
 < [2012.10.26 20:57:23 | 000,008,943 | ---- | M] () -- C:\Users\manfred\Desktop\11.PNG >

 
 < [2012.10.26 19:27:37 | 000,405,354 | ---- | M] () -- C:\wvb,,mn (2).PNG >

 
 < [2012.10.26 19:27:04 | 000,198,964 | ---- | M] () -- C:\wvb,,mn (1).PNG >

 
 < [2012.10.26 14:55:53 | 000,000,150 | ---- | M] () -- C:\Users\manfred\Desktop\Neues Betriebssystem im Handel Microsoft lockt Windows 8-Kunden zum Start mit Kampfpreis - Computer - FOCUS Online - Nachric.URL >

 
 < [2012.10.26 00:59:31 | 000,097,410 | ---- | M] () -- C:\Users\manfred\Desktop\1...PNG >

 
 < [2012.10.24 11:26:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job >

 
 < [2012.10.24 10:06:25 | 000,000,075 | ---- | M] () -- C:\Users\manfred\Desktop\Trojaner oder ............ - Trojaner-Board.URL >

 
 < [2012.10.23 23:28:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe >

 
 < [2012.10.23 23:21:13 | 000,131,064 | ---- | M] () -- C:\Users\manfred\Desktop\2.PNG >

 
 < [2012.10.23 23:20:24 | 000,107,823 | ---- | M] () -- C:\Users\manfred\Desktop\1.PNG >

 
 < [2012.10.23 22:30:16 | 000,158,675 | ---- | M] () -- C:\sdbgh.PNG >

 
 < [2012.10.22 20:18:06 | 000,139,603 | ---- | M] () -- C:\Users\manfred\Desktop\fff.PNG >

 
 < [2012.10.22 14:58:45 | 000,187,929 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG >

 
 < [2012.10.22 14:57:19 | 000,172,824 | ---- | M] () -- C:\Users\manfred\Desktop\cdfr.PNG >

 
 < [2012.10.20 14:53:33 | 000,012,493 | ---- | M] () -- C:\ght.PNG >

 
 < [2012.10.19 22:33:11 | 000,000,049 | ---- | M] () -- C:\Users\manfred\Desktop\Blue-Book.URL >

 
 < [2012.10.19 18:44:23 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat >

 
 < [2012.10.19 18:44:23 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat >

 
 < [2012.10.19 18:44:23 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat >

 
 < [2012.10.19 18:44:23 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat >

 
 < [2012.10.16 15:57:43 | 000,302,642 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG >

 
 < [2012.10.12 13:11:30 | 000,000,087 | ---- | M] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL >

 
 < [2012.10.11 22:42:26 | 000,000,095 | ---- | M] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL >

 
 < [2012.10.11 21:08:48 | 000,000,061 | ---- | M] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL >

 
 < [2012.10.11 21:08:42 | 000,000,063 | ---- | M] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL >

 
 < [2012.10.11 20:55:29 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe >

 
 < [2012.10.11 20:55:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl >

 
 < [2012.10.11 20:27:55 | 000,002,459 | ---- | M] () -- C:\Users\manfred\Desktop\Google Chrome.lnk >

 
 < [2012.10.10 20:39:59 | 000,000,078 | ---- | M] () -- C:\Sternzeichen deutsch - englisch.URL >

 
 < [2012.10.10 19:35:18 | 000,000,076 | ---- | M] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL >

 
 < [2012.10.09 15:56:10 | 000,045,056 | ---- | M] (Northern Codeworks) -- C:\Windows\NCUNINST.EXE >

 
 < [2012.10.03 08:24:35 | 000,278,066 | ---- | M] () -- C:\am,,lk.PNG >

 
 < [2012.10.03 08:20:55 | 000,026,876 | ---- | M] () -- C:\gg.PNG >

 
 < [2012.10.03 08:02:01 | 000,000,145 | ---- | M] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL >

 
 < [2012.10.02 23:09:54 | 000,054,649 | ---- | M] () -- C:\s1.PNG >

 
 < [2012.10.02 23:02:46 | 000,086,347 | ---- | M] () -- C:\s.PNG >

 
 <   >

 
 < ========== Files Created - No Company Name ========== >

Invalid Switch: color]

 
 <   >

 
 < [2012.10.26 20:57:22 | 000,008,943 | ---- | C] () -- C:\Users\manfred\Desktop\11.PNG >

 
 < [2012.10.26 19:27:37 | 000,405,354 | ---- | C] () -- C:\wvb,,mn (2).PNG >

 
 < [2012.10.26 19:27:04 | 000,198,964 | ---- | C] () -- C:\wvb,,mn (1).PNG >

 
 < [2012.10.26 14:55:53 | 000,000,150 | ---- | C] () -- C:\Users\manfred\Desktop\Neues Betriebssystem im Handel Microsoft lockt Windows 8-Kunden zum Start mit Kampfpreis - Computer - FOCUS Online - Nachric.URL >

 
 < [2012.10.26 00:59:31 | 000,097,410 | ---- | C] () -- C:\Users\manfred\Desktop\1...PNG >

 
 < [2012.10.24 10:06:25 | 000,000,075 | ---- | C] () -- C:\Users\manfred\Desktop\Trojaner oder ............ - Trojaner-Board.URL >

 
 < [2012.10.23 23:21:13 | 000,131,064 | ---- | C] () -- C:\Users\manfred\Desktop\2.PNG >

 
 < [2012.10.23 23:20:24 | 000,107,823 | ---- | C] () -- C:\Users\manfred\Desktop\1.PNG >

 
 < [2012.10.23 22:30:16 | 000,158,675 | ---- | C] () -- C:\sdbgh.PNG >

 
 < [2012.10.22 20:18:06 | 000,139,603 | ---- | C] () -- C:\Users\manfred\Desktop\fff.PNG >

 
 < [2012.10.22 14:58:45 | 000,187,929 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG >

 
 < [2012.10.22 14:57:18 | 000,172,824 | ---- | C] () -- C:\Users\manfred\Desktop\cdfr.PNG >

 
 < [2012.10.20 14:53:33 | 000,012,493 | ---- | C] () -- C:\ght.PNG >

 
 < [2012.10.19 22:33:11 | 000,000,049 | ---- | C] () -- C:\Users\manfred\Desktop\Blue-Book.URL >

 
 < [2012.10.16 15:57:43 | 000,302,642 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG >

 
 < [2012.10.12 13:11:30 | 000,000,087 | ---- | C] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL >

 
 < [2012.10.11 22:42:26 | 000,000,095 | ---- | C] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL >

 
 < [2012.10.11 21:08:48 | 000,000,061 | ---- | C] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL >

 
 < [2012.10.11 21:08:42 | 000,000,063 | ---- | C] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL >

 
 < [2012.10.10 20:39:59 | 000,000,078 | ---- | C] () -- C:\Sternzeichen deutsch - englisch.URL >

 
 < [2012.10.10 19:35:18 | 000,000,076 | ---- | C] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL >

 
 < [2012.10.03 08:24:35 | 000,278,066 | ---- | C] () -- C:\am,,lk.PNG >

 
 < [2012.10.03 08:20:55 | 000,026,876 | ---- | C] () -- C:\gg.PNG >

 
 < [2012.10.03 08:02:01 | 000,000,145 | ---- | C] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL >

 
 < [2012.10.02 23:09:54 | 000,054,649 | ---- | C] () -- C:\s1.PNG >

 
 < [2012.10.02 23:02:46 | 000,086,347 | ---- | C] () -- C:\s.PNG >

 
 < [2012.02.19 12:31:33 | 000,021,504 | ---- | C] () -- C:\Users\manfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >

 
 < [2012.02.15 18:58:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll >

 
 < [2012.02.15 18:58:10 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini >

 
 < [2012.02.15 18:58:07 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll >

 
 < [2012.02.15 18:58:07 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll >

 
 < [2012.02.15 18:58:07 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll >

 
 < [2012.02.15 18:37:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config >

 
 < [2012.01.11 05:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin >

 
 < [2012.01.11 05:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin >

 
 < [2012.01.11 05:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin >

 
 < [2012.01.11 04:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll >

 
 < [2012.01.11 04:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll >

 
 < [2012.01.11 04:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll >

 
 <   >

 
 < ========== ZeroAccess Check ========== >

Invalid Switch: color]

 
 <   >

 
 < [2009.07.14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini >

 
 <   >

 
 < [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] >

 
 <   >

 
 < [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] >

 
 <   >

 
 < [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] >

 
 < "" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 09:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) >

 
 < "ThreadingModel" = Apartment >

 
 <   >

 
 < [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] >

 
 < "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) >

 
 < "ThreadingModel" = Free >

 
 <   >

 
 < [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] >

 
 < "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) >

 
 < "ThreadingModel" = Both >

 
 <   >

 
 < ========== LOP Check ========== >

Invalid Switch: color]

 
 <   >

 
 < [2012.02.21 01:07:20 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Farm Mania >

 
 < [2012.02.15 18:51:53 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\GrabPro >

 
 < [2012.03.14 00:22:22 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\IrfanView >

 
 < [2012.05.11 11:11:08 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Lingo4u >

 
 < [2012.03.14 22:31:14 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Nokia >

 
 < [2012.04.20 19:43:51 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\OpenOffice.org >

 
 < [2012.06.19 13:02:13 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Orbit >

 
 < [2012.03.30 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\PC Suite >

 
 < [2012.02.15 18:52:00 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\ProgSense >

 
 < [2012.07.29 00:11:35 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Toshiba >

 
 < [2012.03.21 23:37:37 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\uTorrent >

 
 < [2012.09.13 18:27:08 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Wildfire >

 
 < [2012.03.16 15:41:59 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\WinBatch >

 
 < [2012.02.22 08:52:59 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Windows SideBar >

 
 < [2012.02.15 16:53:29 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Zbshareware Lab >

 
 <   >

 
 < ========== Purity Check ========== >

Invalid Switch: color]

 
 <   >

 
 <   >

 
 <   >

 
 < ========== Files - Unicode (All) ========== >

Invalid Switch: color]

 
 < [2012.07.01 11:32:34 | 000,000,084 | ---- | M] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね／大島優子 フォト ムービー - YouTube.URL >

Invalid Switch: ???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね／大島優子 フォト ムービー - YouTube.URL

 
 < [2012.07.01 11:32:34 | 000,000,084 | ---- | C] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね／大島優子 フォト ムービー - YouTube.URL >

Invalid Switch: ???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね／大島優子 フォト ムービー - YouTube.URL

 
 < [2012.03.28 18:14:06 | 000,000,091 | ---- | M] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL >

 
 < [2012.03.28 18:14:06 | 000,000,091 | ---- | C] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL >

 
 <  >

 
 < < End of report >

--- --- ---

--- --- ---
>

========== Files - Unicode (All) ==========
[2012.07.01 11:32:34 | 000,000,084 | ---- | M] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね／大島優子フォトムービー - YouTube.URL
[2012.07.01 11:32:34 | 000,000,084 | ---- | C] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね／大島優子フォトムービー - YouTube.URL
[2012.03.28 18:14:06 | 000,000,091 | ---- | M] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL
[2012.03.28 18:14:06 | 000,000,091 | ---- | C] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL

< End of report >

ich hoffe das es nun richtig ist ,

habe gescant und dann kopiert und den text im eingabefeld bei OTL eingefügt ,dann auf --Quick Scan gedrückt - nun scant er nochmal . dann ging wieder eine seite auf . diesen text habe ich nun hier eingefügt .

mfg manfred

habe ich wieder was falsch gemacht ??:headbang:

nein nein, alles io

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

danke für die antwort

aber nun das problem : ich habe avast free

ich war nun auf der seite von avast und sehe da nichts zum ausschalten des programms .
wie geht das ??

mfg manfred

Combofix Logfile:

Code:

ComboFix 12-10-31.03 - manfred 01.11.2012  13:08:45.1.4 - x86

Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.2998.1800 [GMT 8:00]

ausgeführt von:: c:\users\manfred\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\manfred\AppData\Roaming\Microsoft\Windows\Recent\Baby i miss you - Chris Norman - with lyricswww.youtube.comno copyright intended.URL

c:\users\manfred\AppData\Roaming\Microsoft\Windows\Recent\God Will Make a Waywww.youtube.comDon Moen's popular song God Will Make a Way with lyrics.URL

c:\windows\system32\DEBUG.log

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-10-01 bis 2012-11-01  ))))))))))))))))))))))))))))))

.

.

2012-11-01 05:14 . 2012-11-01 05:14        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-11-01 03:55 . 2012-11-01 03:55        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E467866C-414B-428B-BE74-4B64C718CC08}\offreg.dll

2012-10-22 02:52 . 2012-09-24 15:16        93672        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-11 12:55 . 2012-04-13 02:50        696760        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2012-10-11 12:55 . 2012-02-15 10:56        73656        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-09 07:56 . 2012-02-22 11:02        45056        ----a-w-        c:\windows\NCUNINST.EXE

2012-09-18 02:24 . 2012-05-20 02:48        821736        ----a-w-        c:\windows\system32\npDeployJava1.dll

2012-09-18 02:24 . 2012-02-15 10:57        746984        ----a-w-        c:\windows\system32\deployJava1.dll

2012-10-27 14:32 . 2012-10-27 14:32        261600        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{1d8566bd-f06f-4029-a3be-ba80af5a09f3}"= "c:\program files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}]

2011-05-09 09:49        176936        ----a-w-        c:\program files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{1d8566bd-f06f-4029-a3be-ba80af5a09f3}"= "c:\program files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{1D8566BD-F06F-4029-A3BE-BA80AF5A09F3}"= "c:\program files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-07-04 12:43        122512        ----a-w-        c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-03 6497592]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"Facebook Update"="c:\users\manfred\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-13 138096]

"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-02-01 1083264]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2010-11-09 824224]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 142616]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 177432]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 177944]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-07-03 296096]

"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Facebook Messenger.lnk - c:\users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-12-14 2749856]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]

R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2012-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 12:55]

.

2012-10-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job

- c:\users\manfred\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-28 14:34]

.

2012-10-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job

- c:\users\manfred\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-28 14:34]

.

2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-19 03:32]

.

2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-19 03:32]

.

2012-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job

- c:\users\manfred\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-17 08:40]

.

2012-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job

- c:\users\manfred\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-17 08:40]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

TCP: Interfaces\{21F0735F-35A1-4812-B527-E0E99412945B}: NameServer = 10.198.220.124 202.126.40.5

TCP: Interfaces\{5CAE6AB4-F441-49C1-8BC4-17A07A1B4578}: NameServer = 10.68.80.1

FF - ProfilePath - c:\users\manfred\AppData\Roaming\Mozilla\Firefox\Profiles\3til95lj.default\

FF - ExtSQL: 2012-09-27 20:04; {1018e4d6-728f-4b20-ad56-37578a4de76b}; c:\users\manfred\AppData\Roaming\Mozilla\Firefox\Profiles\3til95lj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=66756

FF - user.js: extensions.BabylonToolbar_i.babExt - 

FF - user.js: extensions.BabylonToolbar_i.srcExt - def

FF - user.js: extensions.BabylonToolbar_i.id - d8f1fe63000000000000000000000000

FF - user.js: extensions.BabylonToolbar_i.hardId - d8f1fe63000000000000000000000000

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15444

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.176:11

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babclient

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - std

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKLM-Run-TaskTray - (no file)

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-11-01  13:16:13

ComboFix-quarantined-files.txt  2012-11-01 05:16

.

Vor Suchlauf: 26 Verzeichnis(se), 239.976.271.872 Bytes frei

Nach Suchlauf: 30 Verzeichnis(se), 240.920.682.496 Bytes frei

.

- - End Of File - - F0D04BAF03088B1875E6A2F52495E161

--- --- ---

ein neustart wurde nicht gemacht

malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.02.09

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
manfred :: MANFRED-LAPTOP [Administrator]

Schutz: Aktiviert

03.11.2012 01:52:04
mbam-log-2012-11-03 (01-52-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 347742
Laufzeit: 1 Stunde(n), 37 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)