Trojaner-Board - Polizei Control Department

Hallo Leo,

habe alles nach deiner Beschreibung durchgeführt. Soweit auch alles OK. Beim Neustart ist kurz ein Bluescreen gekommen und er hat im abgesicherten Modus gestartet. Nach weiterem Neustart war wieder alles OK. Beim defogger kam keine Anweisung wegen Re-enable.

Nun werde ich versuchen die Dateien zu posten. Ich hoffe das passt so
LG hubi

Code:

GMER 2.1.18952 - hxxp://www.gmer.net

Rootkit scan 2013-02-18 14:28:37

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAJS-00L7A0 rev.01.03E01 298,09GB

Running: 9p2dohwf.exe; Driver: C:\Users\Uwe\AppData\Local\Temp\kxkoypoc.sys
 
 

---- User code sections - GMER 2.1 ----
 

.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076801465 2 bytes [80, 76]

.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000768014bb 2 bytes [80, 76]

.text   ...                                                                                                                * 2
 

---- Threads - GMER 2.1 ----
 

Thread  C:\Windows\system32\svchost.exe [748:948]                                                                          000007fef8742154

Thread  C:\Windows\System32\svchost.exe [908:1068]                                                                         000007fefb47331c

Thread  C:\Windows\System32\svchost.exe [908:1080]                                                                         000007fefb3da2b0

Thread  C:\Windows\System32\svchost.exe [908:2456]                                                                         000007fefa5088f8

Thread  C:\Windows\System32\svchost.exe [908:2484]                                                                         000007fef1b714a0

Thread  C:\Windows\System32\svchost.exe [908:3844]                                                                         000007fefa2e44e0

Thread  C:\Windows\System32\svchost.exe [908:3924]                                                                         000007feeed43efc

Thread  C:\Windows\System32\svchost.exe [908:3748]                                                                         000007feeed88a4c

Thread  C:\Windows\system32\svchost.exe [1364:1604]                                                                        000007fefaac35c0

Thread  C:\Windows\system32\svchost.exe [1364:2428]                                                                        000007fefaac5600

Thread  C:\Windows\system32\svchost.exe [1364:2792]                                                                        000007fef19a2940

Thread  C:\Windows\system32\svchost.exe [1364:2904]                                                                        000007fef1962888

Thread  C:\Windows\system32\svchost.exe [1364:3048]                                                                        000007fef1962a40

Thread  C:\Windows\system32\taskhost.exe [2080:2184]                                                                       000007fef9381f38
 

---- EOF - GMER 2.1 ----

Und noch die beiden OTL und Extra - Sollte etwas nicht passen - Bitte um kurze Info

DANKE nochmal!!!
hubi

Code:

OTL Extras logfile created on: 18.02.2013 14:52:46 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Uwe\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

1,75 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 41,63% Memory free

3,50 Gb Paging File | 1,94 Gb Available in Paging File | 55,45% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 151,27 Gb Total Space | 94,71 Gb Free Space | 62,61% Space Free | Partition Type: NTFS

Drive D: | 146,72 Gb Total Space | 144,69 Gb Free Space | 98,62% Space Free | Partition Type: NTFS

Drive Z: | 465,76 Gb Total Space | 282,35 Gb Free Space | 60,62% Space Free | Partition Type: NTFS

 

Computer Name: NEBENRECHNER-PC | User Name: Uwe | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-1750272422-2619258354-601561177-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0DD13ED0-AE32-4A44-AB2B-8D9F90AB1AF4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{164E0C04-771A-4987-B7CD-D49CB64DC50D}" = rport=139 | protocol=6 | dir=out | app=system | 

"{1864184E-43BE-4FF5-9469-C6ABBB0A44B3}" = lport=137 | protocol=17 | dir=in | app=system | 

"{1AD8054A-917F-4FEA-93FE-EC9CCCE526A8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{22189416-F6E8-42AC-97B3-15AC396A0211}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{361B74A7-7898-4604-AF4A-11D124F58BD0}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{39B13CD1-F777-4632-B131-49E6C4644323}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{3C0A6C25-EE6F-4F86-86C7-0F4B5F5D52E3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{3DD058FC-6873-4DDE-B8EA-F30A34FB81F8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{4F86902E-6BCE-4ADF-8F4B-3552AC4388A4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{5E820D8F-87DA-460E-A0D8-2FC8FCD69876}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{6F68C46C-D464-4EA2-9224-F5378DE29FD8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{7393F664-B6A1-4B4F-827A-6DC5E6A98278}" = rport=138 | protocol=17 | dir=out | app=system | 

"{81CD65F5-DAD5-420B-85D6-EF7EB04175C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{835F8AF5-4CEE-4CA8-9764-983483C0D7EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{88FE9570-D2C8-4C93-B883-9E22462DFD74}" = lport=138 | protocol=17 | dir=in | app=system | 

"{8A01CFC6-4479-4CAF-AC90-23294A95A85C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{9B45E19A-D8A5-42F4-B692-394A2273BAF2}" = lport=445 | protocol=6 | dir=in | app=system | 

"{9D4B9EB1-145A-4498-B346-4A1F95D2310C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{ADA0F1C8-82FC-44DC-990F-7FBE81222D36}" = lport=139 | protocol=6 | dir=in | app=system | 

"{AEEB8296-2F20-4F24-B230-8253BC027AB6}" = rport=445 | protocol=6 | dir=out | app=system | 

"{B6D23D24-2F6F-4EE0-8CCC-DC93C830702A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{B72B833C-79F1-4D56-9412-AD98D54B8F2D}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{BC2A5550-79FF-4F55-A4A8-7376893AEA01}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{C343AB8D-2CBC-4BF7-986F-CCB9B830EC21}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{C36C1316-086E-47B8-9F6E-A5BD24010344}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{CB08BC44-6978-4453-A0C9-A54BDAD7111A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{CD137085-7481-4863-9C4D-A597026360DF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{D9A8646E-0E65-49EB-BDE5-8C663660D3C3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{E05907CC-F700-488C-9C34-F01FB2D55EE0}" = rport=137 | protocol=17 | dir=out | app=system | 

"{F028AC9A-8167-488E-A603-EFB79D50BF16}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01FA0CBC-1493-4B67-98EC-F62AF9992CE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{1CCEA0FD-B0E4-4748-9399-6198CFECA9B9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{20B199D2-186E-48A3-A674-CC6EFCD26A86}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{226B84D0-EA7A-4BAA-8757-DF54A768CB98}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{285DA5DC-F1A2-4469-9C09-2851DD36F804}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{2EC868E8-4279-42C3-A291-DED420AC5C84}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{5A2AF1DB-E874-4F01-A106-63A9ADBF500F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{643C7BF4-0D49-4165-9B41-CAAC75FE511E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{680EE6C2-6469-4393-A054-A33C435CFD2F}" = protocol=6 | dir=out | app=system | 

"{6A0A1CD9-506D-4027-845B-16ACB90D28B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{86AF789B-D461-4393-AA73-B205B3759507}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 

"{8792D1C8-4FCB-433F-B7EB-602DEC6FB2C6}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 

"{8E04942C-4532-429B-8B32-FD11F1450C62}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{991831B6-3AB7-4BD0-9288-336802CAEB90}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 

"{A29694CB-FE44-4EBD-927C-5E5D4A39CB6C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{A6A0749C-CD57-42B9-B851-0478157465F7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{B6BCD66F-B04F-456E-91BA-D00B0E99D9F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{CD536C89-57FA-4CA1-B4E6-0F127380BC91}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{D8FE4B4A-4AC3-4996-B0CB-FACE118DE41D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{E3B70398-DE49-4E02-8040-4796C141ED16}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{E4D55F5C-892E-46C5-A5EE-EFE811C615C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{E98DCAFF-7CB5-4E38-9B6D-8AD35D06B8CC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 

"{F5E99DF9-C710-4CFA-82D5-BE182746779A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{FBF82BAB-1B07-4313-899C-E991D84ED288}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{FD118971-E784-4FD2-8837-9364E6E8A8F6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"TCP Query User{0C487E2D-46F7-46DB-B202-C12BE5E34D81}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 

"TCP Query User{1796DB72-E162-4B86-9345-CE7C3D287BEA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 

"TCP Query User{F2846A78-F104-4646-8B50-209CC79F7865}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 

"UDP Query User{50E663B1-63C7-467B-996E-ED293D8452C4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 

"UDP Query User{58398BF2-A73C-4AE4-B60C-8A5903F7B9E9}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 

"UDP Query User{85548E49-2C72-43BF-A7D4-366C6EE33F91}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{40BD15A3-E031-5CF1-6994-550A4C059127}" = ATI Catalyst Install Manager

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8839BB38-ED2A-983E-9B6F-3D3A0561C812}" = ccc-utility64

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)

"doPDF 7 printer_is1" = doPDF 7.1 printer

"mFiN-PDF_is1" = mFiN-PDF (novaPDF OEM 7.0 printer)

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Redirection Port Monitor" = RedMon - Redirection Port Monitor

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime

"{0473431D-BD96-CF15-20E4-E0D7DC10AD26}" = CCC Help Chinese Standard

"{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help

"{130FDD98-1B63-81EA-B3D7-1B433D7B618E}" = CCC Help Czech

"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{2213939A-BE42-6E81-2535-B9D4472913F8}" = CCC Help Portuguese

"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help

"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in

"{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}" = OLYMPUS Digital Camera Updater

"{2F67065F-4996-16ED-0512-8BBBEDB81A5B}" = CCC Help German

"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed

"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode

"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent

"{383994F0-C2A2-60D8-1CC3-66FC2D59A05D}" = CCC Help Finnish

"{3A528452-356F-C893-C35F-E3D80A226E45}" = CCC Help English

"{429FF822-DC94-1235-4520-FFDC91596ED1}" = CCC Help Swedish

"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision

"{48C4479E-F3EE-FD46-5200-AF260F7E87A2}" = Catalyst Control Center Graphics Full New

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1

"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0

"{511A29A9-11EF-21C1-B0A7-F933824D8447}" = CCC Help Turkish

"{55C4E412-C5D9-DD5C-83CD-53B2762E65C4}" = CCC Help Chinese Traditional

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress

"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help

"{5DDDE1AA-42B3-4493-917B-FEAE674A08F8}_is1" = Einkommenssicherung 1.14

"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help

"{5EC30B43-6501-F465-1505-A2DB41B4113F}" = CCC Help Spanish

"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help

"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner

"{62B6C3FD-E57A-83A0-C2FF-B3E624B17492}" = CCC Help Hungarian

"{63B152B4-4814-E1CA-B781-9B2CD23028BD}" = Catalyst Control Center Graphics Previews Vista

"{65A36920-ADC5-EDE8-9F79-DFC691C9A82E}" = Catalyst Control Center Core Implementation

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7177EE4E-3D1D-4F45-85B5-B93DC758BA0B}" = OLYMPUS Viewer 2

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76E4856F-F288-3165-30CF-FEEF03D29B52}" = CCC Help Polish

"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{77ED0A78-8C9D-548F-1F0E-75ABC5CF5444}" = CCC Help Danish

"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights

"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help

"{848929E1-76A3-FC37-18C6-62AACF4F3CF7}" = Catalyst Control Center Graphics Full Existing

"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later

"{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib

"{8BEBFC25-802A-7443-87AE-BDFC41527594}" = ccc-core-static

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{98A67610-A3B5-4098-A423-3708040026D3}" = "Nero SoundTrax Help

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BBF60B1-265F-13E8-70E1-8CC88CCD3115}" = Catalyst Control Center Localization All

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C6EB542-9032-1F26-193E-A21226FBEF32}" = CCC Help Korean

"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap

"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor

"{a4df2198-18ba-4fbc-b9f5-d2f44f592155}" = Nero 9

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime

"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch

"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help

"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader

"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles

"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

"{B5DE4A84-7193-A9FE-2C3A-A773E886A53F}" = CCC Help Norwegian

"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit

"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter

"{C13B977D-9658-53BF-3B79-A8BCE058090E}" = Catalyst Control Center InstallProxy

"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax

"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help

"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help

"{CECC39B9-3E8E-823C-FF2F-93868FEAA6DA}" = CCC Help Japanese

"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM

"{D26FC127-8398-4D3C-C9BE-562E4DC81F98}" = CCC Help Thai

"{D4EAE93A-5A9F-46f7-0100-000000000000}" = i-gotU Suite

"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime

"{E09127D3-CF83-BE1F-8F59-8CF0A9E48EC0}" = CCC Help Dutch

"{E215568A-DAD0-6482-5531-6FDBD5FD3112}" = CCC Help French

"{E4A68721-042C-EFED-01C5-DF83E63B8AC5}" = CCC Help Greek

"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help

"{E613E401-A4F2-2C1F-ABF2-A3E5EFDEDA9D}" = Catalyst Control Center Graphics Light

"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer

"{E903279F-5A37-6D67-100B-40A7CC2B6763}" = CCC Help Russian

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget

"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help

"{F86947BA-0A68-8DE2-BDEF-E8822981A5FF}" = CCC Help Italian

"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"Avira AntiVir Desktop" = Avira Free Antivirus

"easy2000 Lohnverrechnung_is1" = easy2000 Lohnverrechnung 2013

"FreePDF_XP" = FreePDF (Remove only)

"Google Chrome" = Google Chrome

"GPL Ghostscript 8.71" = GPL Ghostscript 8.71

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager

"InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100

"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"RealPlayer 16.0" = RealPlayer

"ShotOnline" = ShotOnline

"TeamViewer 7" = TeamViewer 7

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1750272422-2619258354-601561177-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 10.09.2012 01:33:28 | Computer Name = Nebenrechner-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files

 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-

 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion

 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt

 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error - 10.09.2012 09:29:51 | Computer Name = Nebenrechner-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files

 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-

 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion

 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt

 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error - 11.09.2012 04:03:53 | Computer Name = Nebenrechner-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448,

 Zeitstempel: 0x4fecf1b7  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,

 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x547b6e0e  ID des fehlerhaften

 Prozesses: 0x1294  Startzeit der fehlerhaften Anwendung: 0x01cd8ff13dc84f88  Pfad der

 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad

 des fehlerhaften Moduls: unknown  Berichtskennung: 3a11cef4-fbe7-11e1-a66b-90e6ba52a220

 

Error - 12.09.2012 06:28:03 | Computer Name = Nebenrechner-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files

 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-

 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion

 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt

 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error - 13.09.2012 09:31:49 | Computer Name = Nebenrechner-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files

 (x86)\real\realplayer\plugins\rmxrend.dll".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 13.09.2012 12:40:13 | Computer Name = Nebenrechner-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files

 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-

 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion

 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt

 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error - 15.09.2012 04:20:30 | Computer Name = Nebenrechner-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files

 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-

 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion

 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt

 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error - 15.09.2012 12:55:57 | Computer Name = Nebenrechner-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files

 (x86)\real\realplayer\plugins\rmxrend.dll".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 15.09.2012 13:26:31 | Computer Name = Nebenrechner-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files

 (x86)\real\realplayer\plugins\rmxrend.dll".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 16.09.2012 04:18:11 | Computer Name = Nebenrechner-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files

 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-

 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion

 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt

 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

[ System Events ]

Error - 17.02.2013 14:51:03 | Computer Name = Nebenrechner-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 17.02.2013 14:51:03 | Computer Name = Nebenrechner-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 17.02.2013 14:52:51 | Computer Name = Nebenrechner-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

 

Error - 17.02.2013 14:52:51 | Computer Name = Nebenrechner-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 18.02.2013 02:57:47 | Computer Name = Nebenrechner-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

 

Error - 18.02.2013 02:57:47 | Computer Name = Nebenrechner-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 18.02.2013 09:40:27 | Computer Name = Nebenrechner-PC | Source = BugCheck | ID = 1001

Description = 

 

Error - 18.02.2013 09:40:21 | Computer Name = Nebenrechner-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   avipbb  avkmgr  discache  spldr  Wanarpv6

 

Error - 18.02.2013 09:42:38 | Computer Name = Nebenrechner-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

 

Error - 18.02.2013 09:42:38 | Computer Name = Nebenrechner-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

 

< End of report >

Code:

OTL logfile created on: 18.02.2013 14:52:46 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Uwe\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

1,75 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 41,63% Memory free

3,50 Gb Paging File | 1,94 Gb Available in Paging File | 55,45% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 151,27 Gb Total Space | 94,71 Gb Free Space | 62,61% Space Free | Partition Type: NTFS

Drive D: | 146,72 Gb Total Space | 144,69 Gb Free Space | 98,62% Space Free | Partition Type: NTFS

Drive Z: | 465,76 Gb Total Space | 282,35 Gb Free Space | 60,62% Space Free | Partition Type: NTFS

 

Computer Name: NEBENRECHNER-PC | User Name: Uwe | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.02.18 14:51:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe

PRC - [2013.02.12 15:28:54 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2013.02.12 15:28:41 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

PRC - [2013.02.12 15:28:40 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2013.02.12 15:28:40 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.12.24 11:36:35 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012.11.29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

PRC - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2012.07.03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

PRC - [2012.06.20 12:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe

PRC - [2012.02.02 15:14:56 | 000,096,128 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\OLYMPUS\ib\olycamdetect.exe

PRC - [2009.09.05 16:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe

PRC - [2009.06.18 14:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2009.08.05 09:45:04 | 000,106,312 | ---- | M] () -- C:\PROGRA~2\MICROS~1\OFFICE11\OUTLCTL.DLL

MOD - [2003.07.11 01:09:28 | 000,048,192 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2013.02.12 15:28:54 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2013.02.12 15:28:41 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)

SRV - [2013.02.12 15:28:40 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2013.02.10 09:44:22 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.01.22 14:02:14 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012.11.29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

SRV - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2010.09.29 17:47:00 | 004,032,992 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.06.18 14:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.12.12 14:24:54 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.12.12 14:24:54 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.06.23 17:26:40 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV:64bit: - [2010.06.23 15:53:12 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)

DRV:64bit: - [2010.03.10 14:02:18 | 000,102,624 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gpslc64.sys -- (gpslc64)

DRV:64bit: - [2009.09.09 09:13:26 | 000,024,208 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OlyCamComm.sys -- (OlyCamComm)

DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.04.29 15:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)

DRV:64bit: - [2007.12.24 03:26:20 | 000,094,848 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\magpsc64.sys -- (magpsc64)

DRV:64bit: - [2005.03.29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2004.12.31 07:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-1750272422-2619258354-601561177-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/

IE - HKU\S-1-5-21-1750272422-2619258354-601561177-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-1750272422-2619258354-601561177-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1750272422-2619258354-601561177-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1750272422-2619258354-601561177-1000\..\SearchScopes\{C40E905D-984C-497C-9BA4-008F534B9CD0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10397&src=kw&q={searchTerms}&locale=de_AT&apn_ptnrs=^ABV&apn_dtid=^YYYYYY^YY^AT&apn_uid=33c7bfae-4105-45ee-a933-0e5469e91b16&apn_sauid=84C8CF26-484B-4ED5-AAE1-5771C3886A4A

IE - HKU\S-1-5-21-1750272422-2619258354-601561177-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Ask.com"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"

FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.6

FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.13.100015

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.15.4.100015

FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10397&locale=de_US&apn_uid=33c7bfae-4105-45ee-a933-0e5469e91b16&apn_ptnrs=^ABV&apn_sauid=84C8CF26-484B-4ED5-AAE1-5771C3886A4A&apn_dtid=^YYYYYY^YY^AT&&q="

 

FF - user.js..browser.search.selectedEngine: "foxsearch"

FF - user.js..browser.search.order.1: "foxsearch"

FF - user.js..browser.search.defaultenginename: "foxsearch"

FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012.12.24 11:37:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.22 14:02:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.22 14:02:10 | 000,000,000 | ---D | M]

 

[2010.06.23 15:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uwe\AppData\Roaming\mozilla\Extensions

[2013.01.20 15:27:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\dnm8n9th.default\extensions

[2013.01.20 15:27:11 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\dnm8n9th.default\extensions\toolbar@ask.com

[2013.01.20 15:27:09 | 000,266,840 | ---- | M] () (No name found) -- C:\Users\Uwe\AppData\Roaming\mozilla\firefox\profiles\dnm8n9th.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

[2013.02.06 07:46:15 | 000,002,413 | ---- | M] () -- C:\Users\Uwe\AppData\Roaming\mozilla\firefox\profiles\dnm8n9th.default\searchplugins\askcom.xml

[2013.01.22 14:02:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013.01.22 14:02:14 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.12.24 11:36:41 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll

[2012.11.19 10:17:14 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.11.19 10:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.11.19 10:17:14 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2010.06.24 17:39:36 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src

[2012.11.19 10:17:14 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.11.19 10:17:14 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.11.19 10:17:14 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - homepage: hxxp://www.google.com

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\pdf.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\gears.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\gcswf32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll

CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL

CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Uwe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.

O3 - HKU\S-1-5-21-1750272422-2619258354-601561177-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)

O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Olympus ib] C:\Program Files (x86)\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found

O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E62C5B4-6E48-4FF5-AD07-8E1FF9C47F04}: NameServer = 213.153.32.129,213.153.32.1

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.02.18 14:51:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe

[2013.02.17 19:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013.02.17 19:14:35 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013.02.17 19:14:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013.02.14 22:21:02 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2013.02.14 22:21:02 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013.02.14 22:21:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013.02.14 22:21:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2013.02.14 22:21:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013.02.14 22:21:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013.02.14 22:21:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2013.02.14 22:21:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013.02.14 22:20:59 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013.02.14 22:20:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2013.02.14 22:20:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013.02.14 22:20:59 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013.02.14 22:20:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013.02.14 22:20:56 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013.02.14 22:20:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2013.02.14 08:08:25 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013.02.14 08:08:24 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013.02.14 08:08:23 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013.02.14 08:08:14 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2013.02.14 08:08:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013.02.14 08:08:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013.02.14 08:08:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013.02.14 08:08:14 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013.02.14 08:08:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013.02.14 08:08:09 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

[2013.02.12 10:16:28 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\Programs

[2013.02.05 09:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2013.02.05 09:12:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2013.01.22 14:02:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013.01.21 18:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Digital Kamera Updater

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.02.18 14:51:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe

[2013.02.18 14:51:03 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.02.18 14:51:03 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.02.18 14:51:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.02.18 14:44:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.02.18 14:42:56 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.02.18 14:42:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.02.18 14:42:34 | 1408,634,880 | -HS- | M] () -- C:\hiberfil.sys

[2013.02.18 14:40:17 | 594,525,862 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013.02.18 13:53:38 | 000,374,784 | ---- | M] () -- C:\Users\Uwe\Desktop\9p2dohwf.exe

[2013.02.18 13:50:33 | 000,000,000 | ---- | M] () -- C:\Users\Uwe\defogger_reenable

[2013.02.18 13:49:17 | 000,050,477 | ---- | M] () -- C:\Users\Uwe\Desktop\Defogger.exe

[2013.02.17 19:14:36 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.02.16 20:12:42 | 095,023,320 | ---- | M] () -- C:\ProgramData\7280607.pad

[2013.02.16 17:42:26 | 000,002,683 | ---- | M] () -- C:\ProgramData\7280607.js

[2013.02.16 17:42:26 | 000,000,153 | ---- | M] () -- C:\ProgramData\7280607.reg

[2013.02.16 17:42:26 | 000,000,058 | ---- | M] () -- C:\ProgramData\7280607.bat

[2013.02.15 07:51:19 | 000,618,974 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.02.15 07:51:18 | 001,526,976 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013.02.15 07:51:18 | 000,657,688 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.02.15 07:51:18 | 000,131,078 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.02.15 07:51:18 | 000,107,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.02.15 07:37:07 | 000,417,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013.02.14 22:24:32 | 001,528,556 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.02.10 09:44:21 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013.02.10 09:44:21 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013.02.05 09:12:00 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2013.01.31 11:18:54 | 000,000,780 | ---- | M] () -- C:\Users\Uwe\Desktop\easy2000 Lohnverrechnung 2013.lnk

[2013.01.21 18:46:41 | 000,001,115 | ---- | M] () -- C:\Users\Uwe\Desktop\OLYMPUS Digital Kamera Updater.lnk

 
 ========== Files Created - No Company Name ==========

 

[2013.02.18 13:53:38 | 000,374,784 | ---- | C] () -- C:\Users\Uwe\Desktop\9p2dohwf.exe

[2013.02.18 13:50:33 | 000,000,000 | ---- | C] () -- C:\Users\Uwe\defogger_reenable

[2013.02.18 13:48:09 | 000,050,477 | ---- | C] () -- C:\Users\Uwe\Desktop\Defogger.exe

[2013.02.17 19:14:36 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.02.16 17:42:26 | 000,002,683 | ---- | C] () -- C:\ProgramData\7280607.js

[2013.02.16 17:42:26 | 000,000,153 | ---- | C] () -- C:\ProgramData\7280607.reg

[2013.02.16 17:42:26 | 000,000,058 | ---- | C] () -- C:\ProgramData\7280607.bat

[2013.02.16 17:42:23 | 095,023,320 | ---- | C] () -- C:\ProgramData\7280607.pad

[2013.01.31 11:18:54 | 000,000,780 | ---- | C] () -- C:\Users\Uwe\Desktop\easy2000 Lohnverrechnung 2013.lnk

[2012.11.16 08:16:32 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.06.29 07:52:37 | 000,000,240 | ---- | C] () -- C:\Users\Uwe\AppData\Roaming\default.rss

[2010.06.24 17:42:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.06.23 13:43:08 | 000,000,484 | ---- | C] () -- C:\Users\Uwe\AppData\Roaming\Desktop.lnk

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 

< End of report >

Hallo Leo,

hier die Logs:

Code:

OTL logfile created on: 18.02.2013 17:03:46 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Uwe\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

1,75 Gb Total Physical Memory | 0,42 Gb Available Physical Memory | 23,80% Memory free

3,50 Gb Paging File | 1,79 Gb Available in Paging File | 51,07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 151,27 Gb Total Space | 97,47 Gb Free Space | 64,43% Space Free | Partition Type: NTFS

Drive D: | 146,72 Gb Total Space | 144,69 Gb Free Space | 98,62% Space Free | Partition Type: NTFS

Drive Z: | 465,76 Gb Total Space | 282,35 Gb Free Space | 60,62% Space Free | Partition Type: NTFS

 

Computer Name: NEBENRECHNER-PC | User Name: Uwe | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.02.18 14:51:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe

PRC - [2013.02.12 15:28:54 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2013.02.12 15:28:41 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

PRC - [2013.02.12 15:28:40 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2013.02.12 15:28:40 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.12.24 11:36:35 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012.11.29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

PRC - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2012.02.02 15:14:56 | 000,096,128 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\OLYMPUS\ib\olycamdetect.exe

PRC - [2009.09.05 16:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe

PRC - [2009.06.18 14:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2009.08.05 09:45:04 | 000,106,312 | ---- | M] () -- C:\PROGRA~2\MICROS~1\OFFICE11\OUTLCTL.DLL

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2013.02.12 15:28:54 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2013.02.12 15:28:41 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)

SRV - [2013.02.12 15:28:40 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2013.02.10 09:44:22 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.01.22 14:02:14 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012.11.29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

SRV - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2010.09.29 17:47:00 | 004,032,992 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.06.18 14:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.12.12 14:24:54 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.12.12 14:24:54 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.06.23 17:26:40 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV:64bit: - [2010.06.23 15:53:12 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)

DRV:64bit: - [2010.03.10 14:02:18 | 000,102,624 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gpslc64.sys -- (gpslc64)

DRV:64bit: - [2009.09.09 09:13:26 | 000,024,208 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OlyCamComm.sys -- (OlyCamComm)

DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.04.29 15:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)

DRV:64bit: - [2007.12.24 03:26:20 | 000,094,848 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\magpsc64.sys -- (magpsc64)

DRV:64bit: - [2005.03.29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2004.12.31 07:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-1750272422-2619258354-601561177-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/

IE - HKU\S-1-5-21-1750272422-2619258354-601561177-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1750272422-2619258354-601561177-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1750272422-2619258354-601561177-1000\..\SearchScopes\{C40E905D-984C-497C-9BA4-008F534B9CD0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10397&src=kw&q={searchTerms}&locale=de_AT&apn_ptnrs=^ABV&apn_dtid=^YYYYYY^YY^AT&apn_uid=33c7bfae-4105-45ee-a933-0e5469e91b16&apn_sauid=84C8CF26-484B-4ED5-AAE1-5771C3886A4A

IE - HKU\S-1-5-21-1750272422-2619258354-601561177-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.15.4.100015

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012.12.24 11:37:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.22 14:02:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.22 14:02:10 | 000,000,000 | ---D | M]

 

[2010.06.23 15:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uwe\AppData\Roaming\mozilla\Extensions

[2013.02.18 16:30:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\dnm8n9th.default\extensions

[2013.01.20 15:27:09 | 000,266,840 | ---- | M] () (No name found) -- C:\Users\Uwe\AppData\Roaming\mozilla\firefox\profiles\dnm8n9th.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

[2013.01.22 14:02:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

File not found (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DNM8N9TH.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM

[2013.01.22 14:02:14 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.12.24 11:36:41 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll

[2012.11.19 10:17:14 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.11.19 10:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.11.19 10:17:14 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2010.06.24 17:39:36 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src

[2012.11.19 10:17:14 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.11.19 10:17:14 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.11.19 10:17:14 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - homepage: hxxp://www.google.com

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\pdf.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\gears.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\gcswf32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll

CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL

CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Uwe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

 

O1 HOSTS File: ([2013.02.18 16:53:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.

O3 - HKU\S-1-5-21-1750272422-2619258354-601561177-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)

O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Olympus ib] C:\Program Files (x86)\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1750272422-2619258354-601561177-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1750272422-2619258354-601561177-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found

O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O13 - gopher Prefix: missing

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E62C5B4-6E48-4FF5-AD07-8E1FF9C47F04}: NameServer = 213.153.32.129,213.153.32.1

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.02.18 17:02:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013.02.18 16:56:24 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013.02.18 16:37:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013.02.18 16:37:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013.02.18 16:37:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013.02.18 16:37:09 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.02.18 16:36:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013.02.18 16:34:37 | 005,033,910 | R--- | C] (Swearware) -- C:\Users\Uwe\Desktop\ComboFix.exe

[2013.02.18 14:51:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe

[2013.02.17 19:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013.02.17 19:14:35 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013.02.17 19:14:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013.02.12 10:16:28 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\Programs

[2013.02.05 09:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2013.02.05 09:12:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2013.01.22 14:02:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013.01.21 18:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Digital Kamera Updater

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.02.18 17:07:46 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.02.18 17:07:46 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.02.18 17:02:13 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.02.18 16:59:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.02.18 16:59:40 | 1408,634,880 | -HS- | M] () -- C:\hiberfil.sys

[2013.02.18 16:53:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013.02.18 16:51:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.02.18 16:44:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.02.18 16:34:38 | 005,033,910 | R--- | M] (Swearware) -- C:\Users\Uwe\Desktop\ComboFix.exe

[2013.02.18 16:29:15 | 000,587,671 | ---- | M] () -- C:\Users\Uwe\Desktop\adwcleaner0.exe

[2013.02.18 14:51:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe

[2013.02.18 14:40:17 | 594,525,862 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013.02.18 13:53:38 | 000,374,784 | ---- | M] () -- C:\Users\Uwe\Desktop\9p2dohwf.exe

[2013.02.18 13:50:33 | 000,000,000 | ---- | M] () -- C:\Users\Uwe\defogger_reenable

[2013.02.18 13:49:17 | 000,050,477 | ---- | M] () -- C:\Users\Uwe\Desktop\Defogger.exe

[2013.02.17 19:14:36 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.02.15 07:51:19 | 000,618,974 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.02.15 07:51:18 | 001,526,976 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013.02.15 07:51:18 | 000,657,688 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.02.15 07:51:18 | 000,131,078 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.02.15 07:51:18 | 000,107,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.02.15 07:37:07 | 000,417,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013.02.14 22:24:32 | 001,528,556 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.02.05 09:12:00 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2013.01.31 11:18:54 | 000,000,780 | ---- | M] () -- C:\Users\Uwe\Desktop\easy2000 Lohnverrechnung 2013.lnk

[2013.01.21 18:46:41 | 000,001,115 | ---- | M] () -- C:\Users\Uwe\Desktop\OLYMPUS Digital Kamera Updater.lnk

 
 ========== Files Created - No Company Name ==========

 

[2013.02.18 16:37:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013.02.18 16:37:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013.02.18 16:37:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013.02.18 16:37:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013.02.18 16:37:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013.02.18 16:29:15 | 000,587,671 | ---- | C] () -- C:\Users\Uwe\Desktop\adwcleaner0.exe

[2013.02.18 13:53:38 | 000,374,784 | ---- | C] () -- C:\Users\Uwe\Desktop\9p2dohwf.exe

[2013.02.18 13:50:33 | 000,000,000 | ---- | C] () -- C:\Users\Uwe\defogger_reenable

[2013.02.18 13:48:09 | 000,050,477 | ---- | C] () -- C:\Users\Uwe\Desktop\Defogger.exe

[2013.02.17 19:14:36 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.01.31 11:18:54 | 000,000,780 | ---- | C] () -- C:\Users\Uwe\Desktop\easy2000 Lohnverrechnung 2013.lnk

[2012.11.16 08:16:32 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.06.29 07:52:37 | 000,000,240 | ---- | C] () -- C:\Users\Uwe\AppData\Roaming\default.rss

[2010.06.24 17:42:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.06.23 13:43:08 | 000,000,484 | ---- | C] () -- C:\Users\Uwe\AppData\Roaming\Desktop.lnk

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2010.06.24 14:22:45 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\AMS

[2010.12.27 14:47:03 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Gutscheinmieze

[2012.04.07 12:29:04 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Mobile Action

[2012.04.07 10:30:08 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\MobileAction

[2011.08.10 09:21:24 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Softland

 
 ========== Purity Check ==========

 

 
 

< End of report >

Code:

ComboFix 13-02-18.01 - Uwe 18.02.2013  16:40:47.1.2 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.43.1031.18.1791.879 [GMT 1:00]

ausgeführt von:: c:\users\Uwe\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\7280607.bat

c:\programdata\7280607.js

c:\programdata\7280607.pad

c:\programdata\7280607.reg

c:\windows\SysWow64\ui

c:\windows\SysWow64\ui\BANNER\LOADINGEVENT1.SOR

c:\windows\SysWow64\ui\BANNER\LOADINGEVENT2.SOR

c:\windows\SysWow64\ui\BANNER\LOADINGIMGOPT.SOR

c:\windows\SysWow64\ui\BANNER\NOTICE_BANNER1.SOR

c:\windows\SysWow64\ui\BANNER\NOTICE_BANNER2.SOR

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-01-18 bis 2013-02-18  ))))))))))))))))))))))))))))))

.

.

2013-02-18 15:53 . 2013-02-18 15:53        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-02-17 18:14 . 2013-02-17 18:14        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2013-02-17 18:14 . 2012-12-14 15:49        24176        ----a-w-        c:\windows\system32\drivers\mbam.sys

2013-02-14 21:22 . 2013-01-09 01:10        996352        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-14 21:22 . 2013-01-08 22:01        768000        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-14 21:20 . 2013-01-09 01:53        763424        ----a-w-        c:\program files\Internet Explorer\iexplore.exe

2013-02-14 07:08 . 2013-01-05 05:53        5553512        ----a-w-        c:\windows\system32\ntoskrnl.exe

2013-02-14 07:08 . 2013-01-05 05:00        3967848        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2013-02-14 07:08 . 2013-01-05 05:00        3913064        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2013-02-14 07:08 . 2013-01-04 03:26        3153408        ----a-w-        c:\windows\system32\win32k.sys

2013-02-14 07:08 . 2013-01-04 05:46        215040        ----a-w-        c:\windows\system32\winsrv.dll

2013-02-14 07:08 . 2013-01-04 04:51        5120        ----a-w-        c:\windows\SysWow64\wow32.dll

2013-02-14 07:08 . 2013-01-04 02:47        25600        ----a-w-        c:\windows\SysWow64\setup16.exe

2013-02-14 07:08 . 2013-01-04 02:47        7680        ----a-w-        c:\windows\SysWow64\instnm.exe

2013-02-14 07:08 . 2013-01-04 02:47        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll

2013-02-14 07:08 . 2013-01-04 02:47        2048        ----a-w-        c:\windows\SysWow64\user.exe

2013-02-14 07:08 . 2013-01-03 06:00        1913192        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2013-02-14 07:08 . 2013-01-03 06:00        288088        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS

2013-02-12 09:16 . 2013-02-12 09:16        --------        d-----w-        c:\users\Uwe\AppData\Local\Programs

2013-02-05 08:12 . 2013-02-05 08:12        --------        d-----w-        c:\program files (x86)\Common Files\Skype

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-14 21:26 . 2010-06-23 13:08        70004024        ----a-w-        c:\windows\system32\MRT.exe

2013-02-10 08:44 . 2012-11-19 09:30        697712        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-10 08:44 . 2011-09-15 14:31        74096        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-04 04:43 . 2013-02-14 07:08        44032        ----a-w-        c:\windows\apppatch\acwow64.dll

2012-12-24 10:36 . 2012-12-24 10:36        499712        ----a-w-        c:\windows\SysWow64\msvcp71.dll

2012-12-24 10:36 . 2012-12-24 10:36        348160        ----a-w-        c:\windows\SysWow64\msvcr71.dll

2012-12-16 17:11 . 2012-12-22 00:58        46080        ----a-w-        c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-22 00:58        367616        ----a-w-        c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-22 00:58        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-22 00:58        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll

2012-12-12 13:24 . 2012-11-12 09:16        99912        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2012-12-12 13:24 . 2012-11-12 09:16        129216        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-12-07 13:20 . 2013-01-09 07:38        441856        ----a-w-        c:\windows\system32\Wpc.dll

2012-12-07 13:15 . 2013-01-09 07:38        2746368        ----a-w-        c:\windows\system32\gameux.dll

2012-12-07 12:26 . 2013-01-09 07:38        308736        ----a-w-        c:\windows\SysWow64\Wpc.dll

2012-12-07 12:20 . 2013-01-09 07:38        2576384        ----a-w-        c:\windows\SysWow64\gameux.dll

2012-12-07 11:20 . 2013-01-09 07:38        30720        ----a-w-        c:\windows\system32\usk.rs

2012-12-07 11:20 . 2013-01-09 07:38        43520        ----a-w-        c:\windows\system32\csrr.rs

2012-12-07 11:20 . 2013-01-09 07:38        23552        ----a-w-        c:\windows\system32\oflc.rs

2012-12-07 11:20 . 2013-01-09 07:38        45568        ----a-w-        c:\windows\system32\oflc-nz.rs

2012-12-07 11:20 . 2013-01-09 07:38        44544        ----a-w-        c:\windows\system32\pegibbfc.rs

2012-12-07 11:20 . 2013-01-09 07:38        20480        ----a-w-        c:\windows\system32\pegi-fi.rs

2012-12-07 11:20 . 2013-01-09 07:38        20480        ----a-w-        c:\windows\system32\pegi-pt.rs

2012-12-07 11:19 . 2013-01-09 07:38        20480        ----a-w-        c:\windows\system32\pegi.rs

2012-12-07 11:19 . 2013-01-09 07:38        46592        ----a-w-        c:\windows\system32\fpb.rs

2012-12-07 11:19 . 2013-01-09 07:38        40960        ----a-w-        c:\windows\system32\cob-au.rs

2012-12-07 11:19 . 2013-01-09 07:38        21504        ----a-w-        c:\windows\system32\grb.rs

2012-12-07 11:19 . 2013-01-09 07:38        15360        ----a-w-        c:\windows\system32\djctq.rs

2012-12-07 11:19 . 2013-01-09 07:38        55296        ----a-w-        c:\windows\system32\cero.rs

2012-12-07 11:19 . 2013-01-09 07:38        51712        ----a-w-        c:\windows\system32\esrb.rs

2012-12-07 10:46 . 2013-01-09 07:38        43520        ----a-w-        c:\windows\SysWow64\csrr.rs

2012-12-07 10:46 . 2013-01-09 07:38        30720        ----a-w-        c:\windows\SysWow64\usk.rs

2012-12-07 10:46 . 2013-01-09 07:38        45568        ----a-w-        c:\windows\SysWow64\oflc-nz.rs

2012-12-07 10:46 . 2013-01-09 07:38        44544        ----a-w-        c:\windows\SysWow64\pegibbfc.rs

2012-12-07 10:46 . 2013-01-09 07:38        20480        ----a-w-        c:\windows\SysWow64\pegi-pt.rs

2012-12-07 10:46 . 2013-01-09 07:38        23552        ----a-w-        c:\windows\SysWow64\oflc.rs

2012-12-07 10:46 . 2013-01-09 07:38        20480        ----a-w-        c:\windows\SysWow64\pegi-fi.rs

2012-12-07 10:46 . 2013-01-09 07:38        46592        ----a-w-        c:\windows\SysWow64\fpb.rs

2012-12-07 10:46 . 2013-01-09 07:38        20480        ----a-w-        c:\windows\SysWow64\pegi.rs

2012-12-07 10:46 . 2013-01-09 07:38        21504        ----a-w-        c:\windows\SysWow64\grb.rs

2012-12-07 10:46 . 2013-01-09 07:38        40960        ----a-w-        c:\windows\SysWow64\cob-au.rs

2012-12-07 10:46 . 2013-01-09 07:38        15360        ----a-w-        c:\windows\SysWow64\djctq.rs

2012-12-07 10:46 . 2013-01-09 07:38        55296        ----a-w-        c:\windows\SysWow64\cero.rs

2012-12-07 10:46 . 2013-01-09 07:38        51712        ----a-w-        c:\windows\SysWow64\esrb.rs

2012-11-30 05:45 . 2013-01-09 07:38        362496        ----a-w-        c:\windows\system32\wow64win.dll

2012-11-30 05:45 . 2013-01-09 07:38        243200        ----a-w-        c:\windows\system32\wow64.dll

2012-11-30 05:45 . 2013-01-09 07:38        13312        ----a-w-        c:\windows\system32\wow64cpu.dll

2012-11-30 05:43 . 2013-01-09 07:38        16384        ----a-w-        c:\windows\system32\ntvdm64.dll

2012-11-30 05:41 . 2013-01-09 07:38        424448        ----a-w-        c:\windows\system32\KernelBase.dll

2012-11-30 05:41 . 2013-01-09 07:38        1161216        ----a-w-        c:\windows\system32\kernel32.dll

2012-11-30 05:38 . 2013-01-09 07:38        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        5120        ---ha-w-        c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 07:38        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-11-30 04:53 . 2013-01-09 07:38        274944        ----a-w-        c:\windows\SysWow64\KernelBase.dll

2012-11-30 04:45 . 2013-01-09 07:38        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 07:38        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 07:38        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 07:38        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 07:38        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 07:38        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 07:38        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 07:38        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 07:38        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 07:38        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 07:38        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 07:38        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 07:38        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 07:38        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 07:38        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 07:38        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 07:38        5120        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 07:38        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 07:38        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 07:38        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 07:38        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2009-09-05 385024]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]

"Olympus ib"="c:\program files (x86)\Olympus\ib\olycamdetect.exe" [2012-02-02 96128]

"MDS_Menu"="c:\program files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2011-08-30 223104]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-12-24 295072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

R3 dump_wmimmc;dump_wmimmc;c:\users\Uwe\ShotOnline\GameGuard\dump_wmimmc.sys [x]

R3 gpslc64;gpslc64;c:\windows\system32\Drivers\gpslc64.sys [2010-03-10 102624]

R3 magpsc64;magpsc64;c:\windows\system32\Drivers\magpsc64.sys [2007-12-24 94848]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\DRIVERS\OlyCamComm.sys [2009-09-09 24208]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-23 1255736]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-12 86752]

S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-02-12 565472]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-06-23 1290752]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-01-31 06:46        1607120        ----a-w-        c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2013-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-19 08:44]

.

2013-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-08 10:20]

.

2013-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-08 10:20]

.

.

--------- X64 Entries -----------

.

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.at/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll

TCP: Interfaces\{5E62C5B4-6E48-4FF5-AD07-8E1FF9C47F04}: NameServer = 213.153.32.129,213.153.32.1

FF - ProfilePath - c:\users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\dnm8n9th.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/

FF - ExtSQL: 2012-12-24 11:37; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2013-02-18  16:56:22

ComboFix-quarantined-files.txt  2013-02-18 15:56

.

Vor Suchlauf: 8 Verzeichnis(se), 101.589.282.816 Bytes frei

Nach Suchlauf: 11 Verzeichnis(se), 104.567.672.832 Bytes frei

.

- - End Of File - - 0EFC382186809002346B5F0F7C10B05D

Code:

# AdwCleaner v2.112 - Datei am 18/02/2013 um 16:30:07 erstellt

# Aktualisiert am 10/02/2013 von Xplode

# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)

# Benutzer : Uwe - NEBENRECHNER-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Uwe\Desktop\adwcleaner0.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gelöscht : C:\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\dnm8n9th.default\searchplugins\Askcom.xml

Ordner Gelöscht : C:\Program Files (x86)\Ask.com

Ordner Gelöscht : C:\Users\Uwe\AppData\Local\APN

Ordner Gelöscht : C:\Users\Uwe\AppData\Local\AskToolbar

Ordner Gelöscht : C:\Users\Uwe\AppData\Local\Temp\AskSearch

Ordner Gelöscht : C:\Users\Uwe\AppData\LocalLow\AskToolbar

Ordner Gelöscht : C:\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\dnm8n9th.default\extensions\toolbar@ask.com

Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\APN

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar

Schlüssel Gelöscht : HKCU\Software\Ask.com

Schlüssel Gelöscht : HKCU\Software\AskToolbar

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Schlüssel Gelöscht : HKLM\Software\APN

Schlüssel Gelöscht : HKLM\Software\AskToolbar

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16464
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v18.0 (de)
 

Datei : C:\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\dnm8n9th.default\prefs.js
 

C:\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\dnm8n9th.default\user.js ... Gelöscht !
 

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");

Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");

Gelöscht : user_pref("browser.search.order.1", "Ask.com");

Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");

Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");

Gelöscht : user_pref("extensions.asktb.OOBEVersion", "2");

Gelöscht : user_pref("extensions.asktb.apn_dbr", "ie_9.0.8112.16421");

Gelöscht : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);

Gelöscht : user_pref("extensions.asktb.cbid", "^ABV");

Gelöscht : user_pref("extensions.asktb.config-updated", false);

Gelöscht : user_pref("extensions.asktb.cr-o", "APN10397");

Gelöscht : user_pref("extensions.asktb.crumb", "2012.08.08+23.51.07-toolbar007iad-AT-U2FsemJ1cmcsQXVzdHJpYQ%3D%[...]

Gelöscht : user_pref("extensions.asktb.de_DF", "");

Gelöscht : user_pref("extensions.asktb.de_US", "");

Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira.ask.com/web?q={query}&o={o}&l={[...]

Gelöscht : user_pref("extensions.asktb.domain", "avira-int.ask.com");

Gelöscht : user_pref("extensions.asktb.domainName", "avira-int.ask.com");

Gelöscht : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^AT");

Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.finduny.com?client=mozilla-firefox[...]

Gelöscht : user_pref("extensions.asktb.first-restart-after-config-update", true);

Gelöscht : user_pref("extensions.asktb.fresh-install", false);

Gelöscht : user_pref("extensions.asktb.guid", "33c7bfae-4105-45ee-a933-0e5469e91b16");

Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]

Gelöscht : user_pref("extensions.asktb.if", "first");

Gelöscht : user_pref("extensions.asktb.l", "dis");

Gelöscht : user_pref("extensions.asktb.last-config-req", "1360133175093");

Gelöscht : user_pref("extensions.asktb.last-search-timestamp", "1353423716525");

Gelöscht : user_pref("extensions.asktb.locale", "de_US");

Gelöscht : user_pref("extensions.asktb.localePref", true);

Gelöscht : user_pref("extensions.asktb.location", "Salzburg,Austria");

Gelöscht : user_pref("extensions.asktb.new-tab-opt-out", true);

Gelöscht : user_pref("extensions.asktb.notification-shown", true);

Gelöscht : user_pref("extensions.asktb.o", "APN10397");

Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

Gelöscht : user_pref("extensions.asktb.qsrc", "2871");

Gelöscht : user_pref("extensions.asktb.r", "4");

Gelöscht : user_pref("extensions.asktb.sa", "YES");

Gelöscht : user_pref("extensions.asktb.saguid", "84C8CF26-484B-4ED5-AAE1-5771C3886A4A");

Gelöscht : user_pref("extensions.asktb.save-searches", false);

Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true);

Gelöscht : user_pref("extensions.asktb.silent-upgrade", true);

Gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);

Gelöscht : user_pref("extensions.asktb.socialmini-native-on", true);

Gelöscht : user_pref("extensions.asktb.themeid", "");

Gelöscht : user_pref("extensions.asktb.timeinstalled", "09.08.2012 08:52:17");

Gelöscht : user_pref("extensions.asktb.to", "");

Gelöscht : user_pref("extensions.asktb.v", "3.15.13.100015");

Gelöscht : user_pref("extensions.asktb.version", "5.15.13.33021");

Gelöscht : user_pref("extensions.enabledAddons", "%7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.6,toolbar%40ask.[...]

Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10397&loc[...]
 

-\\ Google Chrome v24.0.1312.57
 

Datei : C:\Users\Uwe\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[S1].txt - [8357 octets] - [18/02/2013 16:30:07]
 

########## EOF - C:\AdwCleaner[S1].txt - [8417 octets] ##########

Hoffe ich habe keine Fehler gemacht.

Viele Grüße
hubi