Word file encrypted or I cannot open it
Hello, I hope you can help me. When I try to open a Word file, the following message appears:
File is encrypted
This file can be decrypted using the program DirtyDecrypt.exe
Press CTRL+ALT+D to run DirtyDecrypt.exe
If DirtyDecrypt.exe not opened сheck the paths:
C:\Program Files\Dirty\DirtyDecrypt.exe
C:\Program Files (x86)\Dirty\DirtyDecrypt.exe
C:\Users\[YOUR USER]\AppData\Roaming\Dirty\DirtyDecrypt.exe
C:\Documents and Settings\[YOUR USER]\Application Data\Dirty\DirtyDecrypt.exe
C:\Documents and Settings\[YOUR USER]\Local Settings\Application Data\Dirty\DirtyDecrypt.exe |
It may be that not only your Word files are encrypted but also pictures and such :( http://www.trojaner-board.de/69886-a...-beachten.html Please work through this guide and post the log files here in the thread. Regards, HardStylerx3 |
Unfortunately I am a beginner. The pictures are gone too. |
Please work through the guides and post the log files here in the thread. Everything is explained very well :) The link is above :) |
OTL logfile created on: 18.05.2013 15:16:31 - Run 1 OTL by OldTimer - Version 3.2.69.0
Extension: ColorZillaStats = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgfambohdeocadlemmdceabhlgccijal\2.7.12_0\ CHR - Extension: SiteAdvisor = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.61.113.2_1\ CHR - Extension: avast! Online Security = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.6_1\ CHR - Extension: vshare plugin = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\ CHR - Extension: AVG SafeGuard toolbar = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\ O1 HOSTS File: ([2011.02.22 19:50:43 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O2 - BHO: (avast! 
Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) 
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5200 Series\ezprint.exe (Lexmark International Inc.) O4 - HKLM..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe (ABBYY (BIT Software)) O4 - HKLM..\Run: [lxbtmon.exe] C:\Program Files\Lexmark 5200 Series\lxbtmon.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [MedionVFD] C:\Program Files\Medion Info Display\MdionLCMLH.exe (Dritek System Inc.) 
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe (AVG Secure Search) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited) O4 - Startup: C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A Note.lnk = C:\Programme\A Note\A Note.exe (A Note) O4 - Startup: C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) 
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48CF551F-035E-4FE5-9A05-7EBBA2247674}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F5CB7E3-B8CB-45C1-8FDC-6394AF533536}: DhcpNameServer = 193.254.160.1 10.74.83.22 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9792E88B-7975-493F-8C0D-6FC5CE5ED023}: NameServer = 192.168.120.252,192.168.120.253 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{86844e6a-54fe-11df-93a4-000777640932}\Shell - "" = AutoRun O33 - MountPoints2\{86844e6a-54fe-11df-93a4-000777640932}\Shell\AutoRun\command - "" = I:\EasySuite.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.23 17:02:42 | 000,000,000 | ---D | C] -- C:\ReimageUndo [2013.05.23 16:38:46 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair [2013.05.23 16:38:15 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2013.05.23 16:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar [2013.05.23 16:23:46 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\kav_rescue_10 (3) [2013.05.23 16:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip [2013.05.23 16:06:17 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\WinZip [2013.05.23 16:06:06 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\Add-in Express [2013.05.23 16:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip [2013.05.23 16:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip [2013.05.23 15:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution [2013.05.23 15:17:14 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\CrashRpt [2013.05.23 15:16:48 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audials USB 10 [2013.05.23 15:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2013.05.23 15:11:24 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2013.05.23 15:11:24 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2013.05.23 15:11:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! 
Free Antivirus [2013.05.23 15:11:22 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2013.05.23 15:11:22 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2013.05.23 15:11:21 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013.05.23 15:11:20 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2013.05.23 15:11:18 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2013.05.23 15:10:22 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013.05.23 15:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.05.23 15:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.05.23 15:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.05.23 14:34:42 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\RapidSolution [2013.05.23 14:19:08 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{C7FCE852-47EB-4677-8FCF-F21810BFC899} [2013.05.23 13:37:15 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\iLivid [2013.05.22 19:40:00 | 000,000,000 | ---D | C] -- C:\rei [2013.05.22 19:39:53 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\AVG SafeGuard toolbar [2013.05.22 19:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage [2013.05.22 19:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar [2013.05.22 19:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search [2013.05.22 19:39:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.05.22 19:28:46 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{D7B4E242-0CD7-4852-8CEC-A2E7F4438170} [2013.05.22 17:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.05.22 17:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2013.05.22 16:54:02 | 
000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013.05.22 16:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013.05.22 16:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013.05.22 16:52:38 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\Simply Super Software [2013.05.22 16:52:38 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\Simply Super Software [2013.05.22 16:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover [2013.05.22 16:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2013.05.22 16:39:24 | 000,000,000 | ---D | C] -- C:\sh4ldr [2013.05.22 16:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.05.21 13:26:38 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\fEJnNdCk [2013.05.21 13:26:35 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\Dirty [2013.05.21 13:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(18) [2013.05.21 13:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(19) [2013.05.17 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\WinZip Courier [2013.05.17 18:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC [2013.05.17 18:58:42 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\assembly [2013.05.17 17:56:48 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2013.05.17 17:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\URE [2013.05.17 17:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\readmes [2013.05.17 17:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\share [2013.05.17 17:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\program [2013.05.17 17:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Basis [2013.05.17 17:55:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.05.17 17:47:49 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Desktop\OpenOffice.org 3.4.1 (de) 
Installation Files [2013.05.17 17:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.05.17 17:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013.05.17 17:27:45 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{BC0BE74D-6E13-41B4-93B3-09EDDAB620A8} [2013.05.01 11:34:32 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2013.04.30 06:54:18 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{159FB971-D1EB-4D5F-99E4-7590BD75872E} [2013.04.29 06:40:29 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{4BD078AA-2B67-42AD-BEFA-336ADA2558D8} [2013.04.28 12:33:07 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{4E36C6E6-6DEB-4EAB-B5A7-E30BB2793710} [2013.04.26 06:52:05 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{92B70286-D377-4319-8080-6082EC963C70} [2013.04.24 06:54:26 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{68389AA5-25E8-490A-B53D-A642859704E4} [2013.04.23 16:57:22 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\Burg [2013.04.23 06:52:32 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{7418967C-3027-439A-9FC5-2D0138A33D94} [2013.04.22 06:50:33 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{759C8B66-FA95-4D07-B25D-BED42EAFBD06} [2013.04.21 10:26:14 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{870F868F-916C-4B53-9476-A0E086740D49} [2013.04.20 10:20:01 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{B75AF3D7-B20D-4180-BD9C-667B727FD253} [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.23 17:02:44 | 000,009,216 | ---- | M] () -- C:\Windows\System32\Native.exe [2013.05.23 16:38:49 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk [2013.05.23 16:38:04 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2013.05.23 16:26:26 | 
000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.23 16:26:07 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1242251762-901191055-1999500024-1000UA.job [2013.05.23 16:06:21 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk [2013.05.23 16:06:21 | 000,001,804 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2013.05.23 15:16:52 | 000,001,272 | ---- | M] () -- C:\Users\Herrmann\Desktop\AudialsOne 10 USB starten.lnk [2013.05.23 15:11:24 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013.05.23 15:11:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2013.05.23 15:09:18 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.23 14:26:17 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1242251762-901191055-1999500024-1000Core.job [2013.05.18 15:02:15 | 000,643,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.18 15:02:15 | 000,600,120 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.18 15:02:15 | 000,130,836 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.18 15:02:15 | 000,108,002 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.18 14:57:31 | 000,089,141 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.05.18 14:57:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.18 14:57:01 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job [2013.05.18 14:56:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.18 14:56:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.18 14:56:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.18 14:56:50 | 
3220,484,096 | -HS- | M] () -- C:\hiberfil.sys [2013.05.18 14:55:53 | 000,000,176 | ---- | M] () -- C:\Users\Herrmann\defogger_reenable [2013.05.18 14:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.18 14:30:24 | 000,089,141 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013.05.18 13:43:36 | 000,000,179 | ---- | M] () -- C:\Windows\Reimage.ini [2013.05.18 07:15:19 | 000,278,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.17 17:57:52 | 000,002,637 | ---- | M] () -- C:\Users\Herrmann\Desktop\Microsoft Office Word 2003.lnk [2013.05.17 17:57:22 | 000,000,845 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.05.17 17:56:48 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013.05.17 17:34:08 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.05.17 17:25:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\reimage.rep [2013.05.15 06:52:46 | 000,008,592 | ---- | M] () -- C:\Users\Herrmann\AppData\Local\d3d9caps.dat [2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2013.05.09 10:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys [2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2013.05.09 10:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys [2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2013.05.09 10:59:09 | 000,049,760 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST 
Software) -- C:\Windows\avastSS.scr [2013.05.09 10:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2013.04.20 11:04:38 | 000,002,735 | ---- | M] () -- C:\Users\Herrmann\Desktop\Microsoft Office Outlook 2003.lnk [2013.04.20 10:37:38 | 000,002,061 | ---- | M] () -- C:\Users\Herrmann\Desktop\Google Chrome.lnk [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.23 17:02:43 | 000,009,216 | ---- | C] () -- C:\Windows\System32\Native.exe [2013.05.23 16:38:49 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk [2013.05.23 16:35:31 | 000,000,179 | ---- | C] () -- C:\Windows\Reimage.ini [2013.05.23 16:06:21 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk [2013.05.23 16:06:19 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2013.05.23 15:16:52 | 000,001,272 | ---- | C] () -- C:\Users\Herrmann\Desktop\AudialsOne 10 USB starten.lnk [2013.05.23 15:11:24 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk
[2013.05.23 15:11:21 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.23 15:11:21 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.23 15:09:18 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.18 14:55:40 | 000,000,176 | ---- | C] () -- C:\Users\Herrmann\defogger_reenable
[2013.05.17 17:57:22 | 000,000,845 | ---- | C] () -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.05.17 17:56:48 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.05.17 17:34:08 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.05.17 17:25:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\reimage.rep
[2012.08.13 11:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files\readme.html
[2012.05.08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link
[2011.01.15 14:53:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.10 17:34:22 | 000,008,704 | ---- | C] () -- C:\Users\Herrmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.09 19:29:35 | 000,089,141 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.05.08 14:15:32 | 000,089,141 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.04.30 13:58:21 | 000,008,592 | ---- | C] () -- C:\Users\Herrmann\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========
[2013.05.18 14:57:31 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\A Note
[2012.06.28 13:16:52 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Babylon
[2012.05.02 14:37:40 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\canon
[2010.05.25 15:35:47 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\ConfigWizard
[2012.10.01 16:26:50 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\DAEMON Tools Lite
[2010.05.29 14:41:51 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\DAEMON Tools Pro
[2013.05.21 13:26:35 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Dirty
[2010.05.01 11:59:47 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\EasySuite
[2013.05.21 13:26:38 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\fEJnNdCk
[2012.09.25 07:17:06 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\FRITZ!
[2011.08.14 19:40:26 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\OpenCandy
[2010.05.01 11:16:40 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\OpenOffice.org
[2013.04.11 13:42:14 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\PerformerSoft
[2010.05.25 15:33:36 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\PimeroUpdater
[2012.10.25 15:59:50 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\RBotPlus
[2011.08.23 14:50:40 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\redsn0w
[2013.05.22 16:52:38 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Simply Super Software
[2010.05.12 14:39:42 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\soft-evolution
[2010.05.12 14:35:46 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\SparweltGutschein
[2013.04.11 13:40:18 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\SpecialSavings
[2013.05.23 14:15:00 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Spotify
[2011.08.03 15:28:35 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\TuneUp Software
[2011.08.14 19:41:07 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Uniblue
[2012.08.30 17:43:46 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Windows Live Writer
[2013.04.17 13:49:25 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Yontoo

========== Purity Check ==========

< End of report > |
Extension: ColorZillaStats = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgfambohdeocadlemmdceabhlgccijal\2.7.12_0\ CHR - Extension: SiteAdvisor = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.61.113.2_1\ CHR - Extension: avast! Online Security = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.6_1\ CHR - Extension: vshare plugin = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\ CHR - Extension: AVG SafeGuard toolbar = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\ O1 HOSTS File: ([2011.02.22 19:50:43 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O2 - BHO: (avast! 
Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) 
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5200 Series\ezprint.exe (Lexmark International Inc.) O4 - HKLM..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe (ABBYY (BIT Software)) O4 - HKLM..\Run: [lxbtmon.exe] C:\Program Files\Lexmark 5200 Series\lxbtmon.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [MedionVFD] C:\Program Files\Medion Info Display\MdionLCMLH.exe (Dritek System Inc.) 
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe (AVG Secure Search) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited) O4 - Startup: C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A Note.lnk = C:\Programme\A Note\A Note.exe (A Note) O4 - Startup: C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) 
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48CF551F-035E-4FE5-9A05-7EBBA2247674}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F5CB7E3-B8CB-45C1-8FDC-6394AF533536}: DhcpNameServer = 193.254.160.1 10.74.83.22 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9792E88B-7975-493F-8C0D-6FC5CE5ED023}: NameServer = 192.168.120.252,192.168.120.253 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{86844e6a-54fe-11df-93a4-000777640932}\Shell - "" = AutoRun O33 - MountPoints2\{86844e6a-54fe-11df-93a4-000777640932}\Shell\AutoRun\command - "" = I:\EasySuite.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.23 17:02:42 | 000,000,000 | ---D | C] -- C:\ReimageUndo [2013.05.23 16:38:46 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair [2013.05.23 16:38:15 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2013.05.23 16:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar [2013.05.23 16:23:46 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\kav_rescue_10 (3) [2013.05.23 16:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip [2013.05.23 16:06:17 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\WinZip [2013.05.23 16:06:06 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\Add-in Express [2013.05.23 16:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip [2013.05.23 16:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip [2013.05.23 15:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution [2013.05.23 15:17:14 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\CrashRpt [2013.05.23 15:16:48 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audials USB 10 [2013.05.23 15:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2013.05.23 15:11:24 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2013.05.23 15:11:24 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2013.05.23 15:11:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! 
Free Antivirus [2013.05.23 15:11:22 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2013.05.23 15:11:22 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2013.05.23 15:11:21 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013.05.23 15:11:20 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2013.05.23 15:11:18 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2013.05.23 15:10:22 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013.05.23 15:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.05.23 15:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.05.23 15:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.05.23 14:34:42 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\RapidSolution [2013.05.23 14:19:08 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{C7FCE852-47EB-4677-8FCF-F21810BFC899} [2013.05.23 13:37:15 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\iLivid [2013.05.22 19:40:00 | 000,000,000 | ---D | C] -- C:\rei [2013.05.22 19:39:53 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\AVG SafeGuard toolbar [2013.05.22 19:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage [2013.05.22 19:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar [2013.05.22 19:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search [2013.05.22 19:39:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.05.22 19:28:46 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{D7B4E242-0CD7-4852-8CEC-A2E7F4438170} [2013.05.22 17:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.05.22 17:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2013.05.22 16:54:02 | 
000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013.05.22 16:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013.05.22 16:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013.05.22 16:52:38 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\Simply Super Software [2013.05.22 16:52:38 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\Simply Super Software [2013.05.22 16:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover [2013.05.22 16:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2013.05.22 16:39:24 | 000,000,000 | ---D | C] -- C:\sh4ldr [2013.05.22 16:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.05.21 13:26:38 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\fEJnNdCk [2013.05.21 13:26:35 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\Dirty [2013.05.21 13:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(18) [2013.05.21 13:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(19) [2013.05.17 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\WinZip Courier [2013.05.17 18:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC [2013.05.17 18:58:42 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\assembly [2013.05.17 17:56:48 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2013.05.17 17:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\URE [2013.05.17 17:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\readmes [2013.05.17 17:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\share [2013.05.17 17:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\program [2013.05.17 17:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Basis [2013.05.17 17:55:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.05.17 17:47:49 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Desktop\OpenOffice.org 3.4.1 (de) 
Installation Files [2013.05.17 17:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.05.17 17:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013.05.17 17:27:45 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{BC0BE74D-6E13-41B4-93B3-09EDDAB620A8} [2013.05.01 11:34:32 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2013.04.30 06:54:18 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{159FB971-D1EB-4D5F-99E4-7590BD75872E} [2013.04.29 06:40:29 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{4BD078AA-2B67-42AD-BEFA-336ADA2558D8} [2013.04.28 12:33:07 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{4E36C6E6-6DEB-4EAB-B5A7-E30BB2793710} [2013.04.26 06:52:05 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{92B70286-D377-4319-8080-6082EC963C70} [2013.04.24 06:54:26 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{68389AA5-25E8-490A-B53D-A642859704E4} [2013.04.23 16:57:22 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\Burg [2013.04.23 06:52:32 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{7418967C-3027-439A-9FC5-2D0138A33D94} [2013.04.22 06:50:33 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{759C8B66-FA95-4D07-B25D-BED42EAFBD06} [2013.04.21 10:26:14 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{870F868F-916C-4B53-9476-A0E086740D49} [2013.04.20 10:20:01 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{B75AF3D7-B20D-4180-BD9C-667B727FD253} [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.23 17:02:44 | 000,009,216 | ---- | M] () -- C:\Windows\System32\Native.exe [2013.05.23 16:38:49 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk [2013.05.23 16:38:04 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2013.05.23 16:26:26 | 
000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.23 16:26:07 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1242251762-901191055-1999500024-1000UA.job [2013.05.23 16:06:21 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk [2013.05.23 16:06:21 | 000,001,804 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2013.05.23 15:16:52 | 000,001,272 | ---- | M] () -- C:\Users\Herrmann\Desktop\AudialsOne 10 USB starten.lnk [2013.05.23 15:11:24 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013.05.23 15:11:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2013.05.23 15:09:18 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.23 14:26:17 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1242251762-901191055-1999500024-1000Core.job [2013.05.18 15:02:15 | 000,643,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.18 15:02:15 | 000,600,120 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.18 15:02:15 | 000,130,836 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.18 15:02:15 | 000,108,002 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.18 14:57:31 | 000,089,141 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.05.18 14:57:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.18 14:57:01 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job [2013.05.18 14:56:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.18 14:56:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.18 14:56:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.18 14:56:50 | 
3220,484,096 | -HS- | M] () -- C:\hiberfil.sys [2013.05.18 14:55:53 | 000,000,176 | ---- | M] () -- C:\Users\Herrmann\defogger_reenable [2013.05.18 14:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.18 14:30:24 | 000,089,141 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013.05.18 13:43:36 | 000,000,179 | ---- | M] () -- C:\Windows\Reimage.ini [2013.05.18 07:15:19 | 000,278,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.17 17:57:52 | 000,002,637 | ---- | M] () -- C:\Users\Herrmann\Desktop\Microsoft Office Word 2003.lnk [2013.05.17 17:57:22 | 000,000,845 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.05.17 17:56:48 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013.05.17 17:34:08 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.05.17 17:25:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\reimage.rep [2013.05.15 06:52:46 | 000,008,592 | ---- | M] () -- C:\Users\Herrmann\AppData\Local\d3d9caps.dat [2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2013.05.09 10:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys [2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2013.05.09 10:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys [2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2013.05.09 10:59:09 | 000,049,760 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST 
Software) -- C:\Windows\avastSS.scr [2013.05.09 10:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2013.04.20 11:04:38 | 000,002,735 | ---- | M] () -- C:\Users\Herrmann\Desktop\Microsoft Office Outlook 2003.lnk [2013.04.20 10:37:38 | 000,002,061 | ---- | M] () -- C:\Users\Herrmann\Desktop\Google Chrome.lnk [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.23 17:02:43 | 000,009,216 | ---- | C] () -- C:\Windows\System32\Native.exe [2013.05.23 16:38:49 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk [2013.05.23 16:35:31 | 000,000,179 | ---- | C] () -- C:\Windows\Reimage.ini [2013.05.23 16:06:21 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk [2013.05.23 16:06:19 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2013.05.23 15:16:52 | 000,001,272 | ---- | C] () -- C:\Users\Herrmann\Desktop\AudialsOne 10 USB starten.lnk [2013.05.23 15:11:24 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2013.05.23 15:11:21 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2013.05.23 15:11:21 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2013.05.23 15:09:18 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.18 14:55:40 | 000,000,176 | ---- | C] () -- C:\Users\Herrmann\defogger_reenable [2013.05.17 17:57:22 | 000,000,845 | ---- | C] () -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.05.17 17:56:48 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013.05.17 17:34:08 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2013.05.17 17:25:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\reimage.rep [2012.08.13 11:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files\readme.html [2012.05.08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link [2011.01.15 14:53:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.05.10 17:34:22 | 000,008,704 | ---- | C] () -- C:\Users\Herrmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.09 19:29:35 | 000,089,141 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.05.08 14:15:32 | 000,089,141 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.04.30 13:58:21 | 000,008,592 | ---- | C] () -- C:\Users\Herrmann\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.05.18 14:57:31 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\A Note [2012.06.28 13:16:52 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Babylon [2012.05.02 14:37:40 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\canon [2010.05.25 15:35:47 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\ConfigWizard [2012.10.01 16:26:50 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\DAEMON Tools Lite [2010.05.29 14:41:51 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\DAEMON Tools Pro [2013.05.21 13:26:35 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Dirty [2010.05.01 11:59:47 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\EasySuite [2013.05.21 13:26:38 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\fEJnNdCk [2012.09.25 07:17:06 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\FRITZ! 
[2011.08.14 19:40:26 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\OpenCandy [2010.05.01 11:16:40 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\OpenOffice.org [2013.04.11 13:42:14 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\PerformerSoft [2010.05.25 15:33:36 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\PimeroUpdater [2012.10.25 15:59:50 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\RBotPlus [2011.08.23 14:50:40 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\redsn0w [2013.05.22 16:52:38 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Simply Super Software [2010.05.12 14:39:42 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\soft-evolution [2010.05.12 14:35:46 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\SparweltGutschein [2013.04.11 13:40:18 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\SpecialSavings [2013.05.23 14:15:00 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Spotify [2011.08.03 15:28:35 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\TuneUp Software [2011.08.14 19:41:07 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Uniblue [2012.08.30 17:43:46 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Windows Live Writer [2013.04.17 13:49:25 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Yontoo ========== Purity Check ========== < End of report > |
OK, thanks for that already :) Someone from the helper team will come to your aid as soon as possible ;) Regards, HardStylerx3 |
Thanks |
Hi, important: don't "fiddle" with the machine yourself. OTL fix: Fixing with OTL
Code: :OTL
If you don't have any icons, right-click, View, Show desktop icons. Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the http://larusso.trojaner-board.de/Images/windows.jpg + E key.
|
Hopefully I can manage that, since I'm not exactly an expert |
It's described in great detail and explained well, you'll manage it ;) Regards, HardStylerx3 |
OTL Logfile: Code: OTL logfile created on: 19.05.2013 10:40:19 - Run 2 |
Please read what I wrote: you were supposed to run a fix, not a scan |
Hello, when I press Fix, the following message appears: "Click OK to load a fix from a file." I do that and then another window opens again. |
Well, you do have to paste in my text that I posted on page 1 in code tags, exactly as it appears there :-) |
TL logfile created on: 19.05.2013 10:40:19 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Herrmann\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 39,98% Memory free 6,20 Gb Paging File | 4,14 Gb Available in Paging File | 66,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 574,59 Gb Total Space | 428,26 Gb Free Space | 74,53% Space Free | Partition Type: NTFS Drive D: | 21,56 Gb Total Space | 8,66 Gb Free Space | 40,18% Space Free | Partition Type: FAT32 Computer Name: HERRMANN-PC | User Name: Herrmann | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\AVG SafeGuard toolbar\vprot.exe (AVG Secure Search) PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search) PRC - C:\Programme\Google\Update\1.3.21.145\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Users\Herrmann\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Programme\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.) PRC - c:\Programme\McAfee\SiteAdvisor\saUI.exe (McAfee, Inc.) PRC - c:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) 
PRC - c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Programme\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\program\soffice.bin (OpenOffice.org) PRC - C:\Users\Herrmann\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe () PRC - C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Programme\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Limited) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\FRITZ!\IWatch.exe (AVM Berlin) PRC - C:\Programme\A Note\A Note.exe (A Note) PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project) PRC - C:\Programme\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project) PRC - C:\Programme\Common Files\AVM\De_serv.exe (AVM Berlin) PRC - C:\Programme\Lexmark 5200 Series\ezprint.exe (Lexmark International Inc.) PRC - C:\Programme\Lexmark 5200 Series\lxbtmon.exe (Lexmark International, Inc.) 
PRC - C:\Windows\System32\lxbtcoms.exe ( ) ========== Modules (No Company Name) ========== MOD - C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\SiteSafety.dll () MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll () MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll () MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll () MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll () MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll () MOD - C:\Programme\program\libxml2.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\Lexmark 5200 Series\lxbtdrec.dll () MOD - C:\Programme\Lexmark 5200 Series\iptk.dll () ========== Services (SafeList) ========== SRV - (vToolbarUpdater15.2.0) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (McAfee SiteAdvisor Service) -- c:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) 
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (ColorZillaStatsUpdater) -- C:\Users\Herrmann\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe () SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (FirebirdGuardianDefaultInstance) -- C:\Programme\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project) SRV - (FirebirdServerDefaultInstance) -- C:\Programme\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (de_serv) -- C:\Programme\Common Files\AVM\De_serv.exe (AVM Berlin) SRV - (lxbt_device) -- C:\Windows\System32\lxbtcoms.exe ( ) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (cpuz134) -- C:\Users\Herrmann\AppData\Local\Temp\cpuz134\cpuz134_x32.sys File not found DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies) DRV - (MpKsl0ea6c5c3) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1660FCF8-FE84-43D9-A18F-60F40DE38745}\MpKsl0ea6c5c3.sys (Microsoft Corporation) DRV - 
(aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys () DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys () DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.) DRV - (SSHDRV85) -- C:\Windows\System32\drivers\SSHDRV85.sys () DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (NETFRITZ) -- C:\Windows\System32\drivers\Netfritz.sys (AVM Berlin) DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH) DRV - (PLCNDIS5) -- C:\Windows\System32\plcndis5.sys (Intellon, Inc.) 
DRV - (FPCIBASE) -- C:\Windows\System32\drivers\fpcibase.sys (AVM Berlin) DRV - (AVMWAN) -- C:\Windows\System32\drivers\avmwan.sys (AVM GmbH) DRV - (AVMPORT) -- C:\Windows\System32\drivers\avmport.sys (AVM Berlin) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = StartPins IE - HKLM\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6BD63EF5-F376-4104-B390-F6E1E3BEDAAC} IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms} IE - HKLM\..\SearchScopes\{7E16D914-CF36-4B14-A6F7-A7EB2F33452C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. 
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 81 FD 56 8D 4F CC 01 [binary data] IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms} IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=280612_5_&babsrc=SP_ss&mntrId=c802f32b000000000000406186023767 IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{4AC17626-DCEC-4912-955D-380853AB4D1A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=59C775CB-8A0D-47B2-9B27-15BE4238F73C&apn_sauid=BC20E462-4887-4129-8F9B-DB55FC31F7B2 IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms} IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{7E16D914-CF36-4B14-A6F7-A7EB2F33452C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - 
HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://mysearch.avg.com/search?cid={BAA0023A-1995-470B-9626-B5B1BBC7EE5A}&mid=ab83d13bf51d47d39ae5d14e3180e0c1-22282c4dc3b02cc32352678eedd9dd0af5242b0f&lang=en&ds=re011&pr=sa&d=2013-05-23 16:38:17&v=15.2.0.5&pid=safeguard&sg=2&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms} IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020 IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.defaultthis.engineName: "Ashampoo DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481020&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://mysearch.avg.com/?cid={BAA0023A-1995-470B-9626-B5B1BBC7EE5A}&mid=ab83d13bf51d47d39ae5d14e3180e0c1-22282c4dc3b02cc32352678eedd9dd0af5242b0f&lang=en&ds=re011&pr=sa&d=2013-05-23 16:38:17&v=15.2.0.5&pid=safeguard&sg=2&sap=hp" FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledAddons: 
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledAddons: {dd05fd3d-18df-4ce4-ae53-e795339c5f01}:1.21 FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.2.0 FF - prefs.js..extensions.enabledAddons: stats@colorzilla.com:2.7.12 FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0 FF - prefs.js..extensions.enabledItems: sparweltgutscheinewl@sparwelt.de:1.0 FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.3.2.1 FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1 FF - prefs.js..keyword.URL: "" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure 
Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Herrmann\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Herrmann\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.06.24 15:35:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013.05.23 15:18:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.23 15:10:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.2.0.5 [2013.05.23 16:38:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.29 19:01:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.29 19:01:21 | 000,000,000 | ---D | M] [2010.05.08 14:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Extensions [2013.04.11 13:41:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions [2013.05.23 14:15:00 | 000,000,000 | ---D 
| M] (Microsoft .NET Framework Assistant) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.09.19 13:08:11 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}(227) [2012.09.19 13:08:12 | 000,000,000 | ---D | M] (Ashampoo DE Community Toolbar) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\{5786d022-540e-4699-b350-b4be0ae94b79}(228) [2012.09.19 13:08:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(229) [2013.05.23 14:14:59 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\ffxtlbr@babylon.com [2013.04.11 13:41:00 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\plugin@yontoo.com [2010.05.12 14:35:43 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\sparweltgutscheinewl@sparwelt.de [2013.04.11 13:40:18 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\SpecialSavings@SpecialSavings.com [2013.05.23 14:14:59 | 000,000,000 | ---D | M] (ColorZillaStats) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\stats@colorzilla.com [2013.05.23 14:14:59 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\toolbar@ask.com [2011.08.13 18:34:22 | 000,090,118 | ---- | M] () (No name found) -- 
C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi [2012.12.10 20:29:40 | 000,002,333 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\askcom.xml [2010.10.01 14:12:28 | 000,001,819 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\bing.xml [2011.07.24 15:36:54 | 000,000,925 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\conduit.xml [2010.05.29 14:45:38 | 000,002,059 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\daemon-search.xml [2011.07.11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\startsear.xml [2011.08.13 18:34:29 | 000,001,565 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\web-search.xml [2012.07.02 14:23:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.03.06 15:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.08.24 07:59:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.10 08:06:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.12 19:47:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.20 19:32:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.03 16:59:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2013.05.23 15:18:34 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR [2010.05.11 14:21:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2010.08.24 07:59:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.10 08:06:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.12 19:47:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.20 19:32:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.03 16:59:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.08.31 12:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.28 13:17:29 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.05.23 07:14:41 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml 
[2013.05.23 16:38:24 | 000,003,725 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: AVG Secure Search (Enabled) CHR - default_search_provider: search_url = hxxp://mysearch.avg.com/search?cid={BAA0023A-1995-470B-9626-B5B1BBC7EE5A}&mid=ab83d13bf51d47d39ae5d14e3180e0c1-22282c4dc3b02cc32352678eedd9dd0af5242b0f&lang=en&ds=re011&pr=sa&d=2013-05-23 16:38:17&v=15.2.0.5&pid=safeguard&sg=2&sap=dsp&q={searchTerms} CHR - default_search_provider: suggest_url = hxxp://toolbar.avg.com/acp?q={searchTerms}&o=1 CHR - homepage: hxxp://mysearch.avg.com/?cid={BAA0023A-1995-470B-9626-B5B1BBC7EE5A}&mid=ab83d13bf51d47d39ae5d14e3180e0c1-22282c4dc3b02cc32352678eedd9dd0af5242b0f&lang=en&ds=re011&pr=sa&d=2013-05-23 16:38:17&v=15.2.0.5&pid=safeguard&sg=2&sap=hp CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll CHR - plugin: vShare.tv plug-in (Enabled) = 
C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector 
(Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Ask Toolbar = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.37265_0\ CHR - Extension: ColorZillaStats = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgfambohdeocadlemmdceabhlgccijal\2.7.12_0\ CHR - Extension: SiteAdvisor = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.61.113.2_1\ CHR - Extension: avast! Online Security = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.6_1\ CHR - Extension: vshare plugin = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\ CHR - Extension: AVG SafeGuard toolbar = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\ O1 HOSTS File: ([2011.02.22 19:50:43 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5200 Series\ezprint.exe (Lexmark International Inc.) O4 - HKLM..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe (ABBYY (BIT Software)) O4 - HKLM..\Run: [lxbtmon.exe] C:\Program Files\Lexmark 5200 Series\lxbtmon.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [MedionVFD] C:\Program Files\Medion Info Display\MdionLCMLH.exe (Dritek System Inc.) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe (AVG Secure Search) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1242251762-901191055-1999500024-1000..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited) O4 - Startup: C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A Note.lnk = C:\Programme\A Note\A Note.exe (A Note) O4 - Startup: C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Gears-Einstellungen 
- {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48CF551F-035E-4FE5-9A05-7EBBA2247674}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F5CB7E3-B8CB-45C1-8FDC-6394AF533536}: DhcpNameServer = 193.254.160.1 10.74.83.22 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9792E88B-7975-493F-8C0D-6FC5CE5ED023}: NameServer = 192.168.120.252,192.168.120.253 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{86844e6a-54fe-11df-93a4-000777640932}\Shell - "" = AutoRun O33 - MountPoints2\{86844e6a-54fe-11df-93a4-000777640932}\Shell\AutoRun\command - "" = I:\EasySuite.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.23 17:02:42 | 000,000,000 | ---D | C] -- C:\ReimageUndo [2013.05.23 16:38:46 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair [2013.05.23 16:38:15 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2013.05.23 16:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar [2013.05.23 16:23:46 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\kav_rescue_10 (3) [2013.05.23 16:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip [2013.05.23 16:06:17 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\WinZip [2013.05.23 16:06:06 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\Add-in Express [2013.05.23 16:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip [2013.05.23 16:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip [2013.05.23 15:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution [2013.05.23 15:17:14 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\CrashRpt [2013.05.23 15:16:48 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audials USB 10 [2013.05.23 15:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2013.05.23 15:11:24 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2013.05.23 15:11:24 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2013.05.23 15:11:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! 
Free Antivirus [2013.05.23 15:11:22 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2013.05.23 15:11:22 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2013.05.23 15:11:21 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013.05.23 15:11:20 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2013.05.23 15:11:18 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2013.05.23 15:10:22 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013.05.23 15:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.05.23 15:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.05.23 15:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.05.23 14:34:42 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\RapidSolution [2013.05.23 14:19:08 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{C7FCE852-47EB-4677-8FCF-F21810BFC899} [2013.05.23 13:37:15 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\iLivid [2013.05.22 19:40:00 | 000,000,000 | ---D | C] -- C:\rei [2013.05.22 19:39:53 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\AVG SafeGuard toolbar [2013.05.22 19:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage [2013.05.22 19:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar [2013.05.22 19:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search [2013.05.22 19:39:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.05.22 19:28:46 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{D7B4E242-0CD7-4852-8CEC-A2E7F4438170} [2013.05.22 17:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.05.22 17:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2013.05.22 16:54:02 | 
000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013.05.22 16:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013.05.22 16:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013.05.22 16:52:38 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\Simply Super Software [2013.05.22 16:52:38 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\Simply Super Software [2013.05.22 16:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover [2013.05.22 16:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2013.05.22 16:39:24 | 000,000,000 | ---D | C] -- C:\sh4ldr [2013.05.22 16:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.05.21 13:26:38 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\fEJnNdCk [2013.05.21 13:26:35 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\Dirty [2013.05.21 13:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(18) [2013.05.21 13:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(19) [2013.05.18 17:58:23 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2013.05.18 15:03:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Herrmann\Desktop\OTL.exe [2013.05.17 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\WinZip Courier [2013.05.17 18:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC [2013.05.17 18:58:42 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\assembly [2013.05.17 17:56:48 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2013.05.17 17:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\URE [2013.05.17 17:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\readmes [2013.05.17 17:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\share [2013.05.17 17:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\program [2013.05.17 17:55:43 | 000,000,000 | ---D | C] -- C:\Program 
Files\Basis [2013.05.17 17:55:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.05.17 17:47:49 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Desktop\OpenOffice.org 3.4.1 (de) Installation Files [2013.05.17 17:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.05.17 17:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013.05.17 17:27:45 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{BC0BE74D-6E13-41B4-93B3-09EDDAB620A8} [2013.05.01 11:34:32 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2013.04.30 06:54:18 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{159FB971-D1EB-4D5F-99E4-7590BD75872E} [2013.04.29 06:40:29 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{4BD078AA-2B67-42AD-BEFA-336ADA2558D8} [2013.04.28 12:33:07 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{4E36C6E6-6DEB-4EAB-B5A7-E30BB2793710} [2013.04.26 06:52:05 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{92B70286-D377-4319-8080-6082EC963C70} [2013.04.24 06:54:26 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{68389AA5-25E8-490A-B53D-A642859704E4} [2013.04.23 16:57:22 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\Burg [2013.04.23 06:52:32 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{7418967C-3027-439A-9FC5-2D0138A33D94} [2013.04.22 06:50:33 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{759C8B66-FA95-4D07-B25D-BED42EAFBD06} [2013.04.21 10:26:14 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{870F868F-916C-4B53-9476-A0E086740D49} [2013.04.20 10:20:01 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{B75AF3D7-B20D-4180-BD9C-667B727FD253} [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.23 17:02:44 | 000,009,216 | ---- | M] () -- C:\Windows\System32\Native.exe [2013.05.23 16:38:49 | 000,001,893 | ---- | M] () -- 
C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk [2013.05.23 16:38:04 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2013.05.23 16:26:26 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.23 16:26:07 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1242251762-901191055-1999500024-1000UA.job [2013.05.23 16:06:21 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk [2013.05.23 16:06:21 | 000,001,804 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2013.05.23 15:42:19 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.05.23 15:42:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.05.23 15:16:52 | 000,001,272 | ---- | M] () -- C:\Users\Herrmann\Desktop\AudialsOne 10 USB starten.lnk [2013.05.23 15:11:24 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2013.05.23 15:11:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2013.05.23 15:09:18 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.23 14:26:17 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1242251762-901191055-1999500024-1000Core.job [2013.05.19 10:41:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.19 10:41:07 | 000,643,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.19 10:41:07 | 000,600,120 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.19 10:41:07 | 000,130,836 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.19 10:41:07 | 000,108,002 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.19 10:36:08 | 000,002,637 | ---- | M] () -- C:\Users\Herrmann\Desktop\Microsoft Office Word 2003.lnk [2013.05.19 10:35:25 | 000,089,141 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013.05.19 10:35:25 | 000,089,141 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.05.19 10:34:52 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.19 10:34:50 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job [2013.05.19 10:34:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.19 10:34:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.19 10:34:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.19 10:34:37 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys [2013.05.18 15:03:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Herrmann\Desktop\OTL.exe [2013.05.18 14:55:53 | 000,000,176 | ---- | M] () -- C:\Users\Herrmann\defogger_reenable [2013.05.18 13:43:36 | 000,000,179 | ---- | M] () -- C:\Windows\Reimage.ini [2013.05.18 07:15:19 | 000,278,512 | ---- | 
M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.17 17:57:22 | 000,000,845 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.05.17 17:56:48 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013.05.17 17:34:08 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.05.17 17:25:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\reimage.rep [2013.05.15 06:52:46 | 000,008,592 | ---- | M] () -- C:\Users\Herrmann\AppData\Local\d3d9caps.dat [2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2013.05.09 10:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys [2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2013.05.09 10:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys [2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2013.05.09 10:59:09 | 000,049,760 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2013.05.09 10:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2013.05.02 17:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2013.04.20 11:04:38 | 000,002,735 | ---- | M] () -- C:\Users\Herrmann\Desktop\Microsoft Office Outlook 2003.lnk [2013.04.20 10:37:38 | 000,002,061 | ---- | M] () -- C:\Users\Herrmann\Desktop\Google Chrome.lnk [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== 
[2013.05.23 17:02:43 | 000,009,216 | ---- | C] () -- C:\Windows\System32\Native.exe [2013.05.23 16:38:49 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk [2013.05.23 16:35:31 | 000,000,179 | ---- | C] () -- C:\Windows\Reimage.ini [2013.05.23 16:06:21 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk [2013.05.23 16:06:19 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2013.05.23 15:16:52 | 000,001,272 | ---- | C] () -- C:\Users\Herrmann\Desktop\AudialsOne 10 USB starten.lnk [2013.05.23 15:11:24 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013.05.23 15:11:21 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2013.05.23 15:11:21 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2013.05.23 15:09:18 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.18 14:55:40 | 000,000,176 | ---- | C] () -- C:\Users\Herrmann\defogger_reenable [2013.05.17 17:57:22 | 000,000,845 | ---- | C] () -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.05.17 17:56:48 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013.05.17 17:34:08 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2013.05.17 17:25:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\reimage.rep [2012.08.13 11:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files\readme.html [2012.05.08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link [2011.01.15 14:53:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.05.10 17:34:22 | 000,008,704 | ---- | C] () -- C:\Users\Herrmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.09 19:29:35 | 000,089,141 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.05.08 14:15:32 | 000,089,141 | ---- | C] () 
-- C:\ProgramData\nvModes.dat [2010.04.30 13:58:21 | 000,008,592 | ---- | C] () -- C:\Users\Herrmann\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.05.19 10:35:12 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\A Note [2012.06.28 13:16:52 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Babylon [2012.05.02 14:37:40 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\canon [2010.05.25 15:35:47 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\ConfigWizard [2012.10.01 16:26:50 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\DAEMON Tools Lite [2010.05.29 14:41:51 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\DAEMON Tools Pro [2013.05.21 13:26:35 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Dirty [2010.05.01 11:59:47 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\EasySuite [2013.05.21 13:26:38 | 000,000,000 | ---D | 
M] -- C:\Users\Herrmann\AppData\Roaming\fEJnNdCk [2012.09.25 07:17:06 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\FRITZ! [2011.08.14 19:40:26 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\OpenCandy [2010.05.01 11:16:40 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\OpenOffice.org [2013.04.11 13:42:14 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\PerformerSoft [2010.05.25 15:33:36 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\PimeroUpdater [2012.10.25 15:59:50 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\RBotPlus [2011.08.23 14:50:40 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\redsn0w [2013.05.22 16:52:38 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Simply Super Software [2010.05.12 14:39:42 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\soft-evolution [2010.05.12 14:35:46 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\SparweltGutschein [2013.04.11 13:40:18 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\SpecialSavings [2013.05.23 14:15:00 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Spotify [2011.08.03 15:28:35 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\TuneUp Software [2011.08.14 19:41:07 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Uniblue [2012.08.30 17:43:46 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Windows Live Writer [2013.04.17 13:49:25 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Yontoo ========== Purity Check ========== < End of report > The upload worked |
OK. For further analysis I need the following. c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache Right-click the cache folder there, pack it with WinRAR or another program, and upload it in the upload channel, please. Let me know briefly when that is done, please. |
The upload worked |
Did your antimalware program raise an alert in the meantime? The upload of the Java cache did not work. If it is too large: www.file-upload.net Upload it there and send me the link as a private message |
I have sent an upload |
Please still answer the question. Were there any detections, and if so, which ones? |
Yes, a message came up, but I no longer know what it said :-( |
Then look through your programs, MSE or Avast, because I certainly don't know what it said, I'm not sitting at the PC :-) With Avast, maybe also look in the quarantine |
Something else: are my Word files and pictures no longer usable now? |
I don't know yet. I need the requested information, so who did the deleting? |
hab noch einmal mit Avast geprüft und es kam keine Meldung |
stand was von ner weiteren Prüfung? du musst das machen was ich poste sonst hatts halt auch nich so viel sinn... programme durchgehen, avast, mse und gucken ob es in den quarantäne ordnern, logs, protokollen etc funde gibt |
Virus Container: invoice copy.zip Mail/Inbox/>Subj:invoice copy< hoffentlich kann ich damit helfen |
gibts noch mehr funde? falls nein schau als nächstes in microsoft security essencials (mse) |
weitere Frage, hattest du diese Zip datei geöffnet? scheint via mail gekommen zu seinb |
ich habe die Zip Datei nicht geöffnet ich habe die zip nicht geöffnet |
ok den rest abarbeiten. wenn du mit meinen Anweisungen nicht zu rande hommst, hast du keinen bekannten der dir da durch helfen kann und meine Anleitungen bearbeitet. |
Leider nein :-( ich versuche, dass zu machen was Du mir schreibst ich muss mir microsoft security essencials herunterladen |
Microsoft Security Client ist schon instaliert, nichts neues runterladen, davon steht hier nichts. du kannst auch auf start, ausführen ereignissanzeige enter einträge mit: Microsoft Antimalware suchen, doppelklicken, und meldung(en) posten |
ok. und wo finde ich das :-( die Meldung lassen sich nicht hier rein kopieren hab 13 Suchergebnisse gefunden, aber hier kann sie nicht hier reinkopieren :-( |
doch geht, doppelklicke auf das ereigniss dann geht ein neues fenster mit den infos auf dort strg+a, das sollte alles markieren, dann strg+c und hier auf antworten, dort strg+v bzw einfügen, dass mit allen passenen meldungen |
Hello J3142, markusg has replied to the thread 'Word file encrypted or cannot be opened' in the forum 'Plagegeister aller Art und deren Bekämpfung' at Trojaner-Board. The thread can be found here: http://www.trojaner-board.de/135489-...-new-post.html This is the post that was just written: *************** Are there any more detections? If not, look in Microsoft Security Essentials (MSE) next. *************** There may be further replies to the thread, but you will not receive any additional notifications until you have visited the forum again. Kind regards, Trojaner-Board ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You are receiving this e-mail because you subscribed to the thread 'Word file encrypted or cannot be opened'. Unsubscribe information: To unsubscribe from this thread, please click this link: http://www.trojaner-board.de/subscri...64dc4eb371a437 To unsubscribe from ALL threads, please click this link: http://www.trojaner-board.de/subscri...n&folderid=all The message comes up three times. |
What am I supposed to do with this? I want to see the messages from the Microsoft scanner as described, not your notifications that I replied. |
<?xml version="1.0" encoding="UTF-8"?> -<de-de_security> -<HeaderShareLinks> <NewsLetterLink Link="hxxp://technet.microsoft.com/de-de/security/cc307424.aspx" Text="Newsletter"/> <FollowText Text="Follow:"/> <PrintText Text="Drucken" Image="/global/security/PublishingImages/global/print.png"/> </HeaderShareLinks> </de-de_security> |
What is that supposed to be? |
I'm just too stupid, I'm completely overwhelmed right now :-( Sorry that you are sacrificing your time for me. |
You said you had already found the results, in the Event Viewer, for Microsoft Antimalware. Just double-click each one, you say there were 13, select everything with the mouse, press Ctrl+C, click Reply and paste the results here, one after another. |
<?xml version="1.0"?> -<SMlog> -<ID> <NA>A Note.lnk</NA> <ST>1</ST> <PU>A Note</PU> <PA>%PROGRAMFILES%\a note\a note.exe</PA> <SL>3</SL> <SP>C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup</SP> <RP/> <WOW/> <IE>0</IE> <IS>2</IS> <IN/> <MD5>c76bb600153e9a62493c0e3077a6b04c</MD5> </ID> -<ID> <NA>ApnUpdater</NA> <ST>1</ST> <PU>Ask</PU> <PA>%PROGRAMFILES%\ask.com\updater\updater.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>1acba585d47fb69c12f26074517efe5a</MD5> </ID> -<ID> <NA>AppleSyncNotifier</NA> <ST>1</ST> <PU>Apple Inc.</PU> <PA>%PROGRAMFILES%\common files\apple\mobile device support\applesyncnotifier.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>3417e5691ac9e5b6c3176d2b66dae82d</MD5> </ID> -<ID> <NA>APSDaemon</NA> <ST>1</ST> <PU>Apple Inc.</PU> <PA>%PROGRAMFILES%\common files\apple\apple application support\apsdaemon.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>46da8e7484ac7a52ce1d6e428398724b</MD5> </ID> -<ID> <NA>DAEMON Tools Lite</NA> <ST>1</ST> <PU>DT Soft Ltd</PU> <PA>%PROGRAMFILES%\daemon tools lite\dtlite.exe</PA> <SL>1</SL> <SP>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>0</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>f34e7705751bb413283434697bf8e55d</MD5> </ID> -<ID> <NA>DriverScanner</NA> <ST>1</ST> <PU>Uniblue Systems Limited</PU> <PA>%PROGRAMFILES%\uniblue\driverscanner\launcher.exe</PA> <SL>1</SL> <SP>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>0</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>98d7c3f58884d89d1f16f4f77bcd00ee</MD5> </ID> -<ID> <NA>DriverScanner</NA> <ST>1</ST> <PU>Uniblue Systems Limited</PU> <PA>%PROGRAMFILES%\uniblue\driverscanner\dsmonitor.exe</PA> 
<SL>2</SL> <SP/> <RP/> <WOW/> <IE>0</IE> <IS>2</IS> <IN/> <MD5>0b14724f4869639b92cef25f2cf72448</MD5> </ID> -<ID> <NA>EzPrint</NA> <ST>1</ST> <PU>Lexmark International Inc.</PU> <PA>%PROGRAMFILES%\lexmark 5200 series\ezprint.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>5f9f9dcc28733f6601a9f49fb44351d5</MD5> </ID> -<ID> <NA>FineReader7NewsReaderPro</NA> <ST>1</ST> <PU>ABBYY (BIT Software)</PU> <PA>%PROGRAMFILES%\abbyy finereader 7.0 professional edition\abbyynewsreader.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>87b07e85119d7679667026980364354d</MD5> </ID> -<ID> <NA>Google Update</NA> <ST>1</ST> <PU>Google Inc.</PU> <PA>%USERPROFILE%\appdata\local\google\update\googleupdate.exe</PA> <SL>1</SL> <SP>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>0</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>f02a533f517eb38333cb12a9e8963773</MD5> </ID> -<ID> <NA>GoogleUpdateTaskMachineCore</NA> <ST>1</ST> <PU>Google Inc.</PU> <PA>%PROGRAMFILES%\google\update\googleupdate.exe</PA> <SL>2</SL> <SP/> <RP/> <WOW/> <IE>0</IE> <IS>2</IS> <IN/> <MD5>f02a533f517eb38333cb12a9e8963773</MD5> </ID> -<ID> <NA>ISDNWatch.lnk</NA> <ST>1</ST> <PU>AVM Berlin</PU> <PA>%PROGRAMFILES%\fritz!\iwatch.exe</PA> <SL>3</SL> <SP>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup</SP> <RP/> <WOW/> <IE>0</IE> <IS>2</IS> <IN/> <MD5>415e58504ad193cf7847cde3faf0cdfa</MD5> </ID> -<ID> <NA>iTunesHelper</NA> <ST>1</ST> <PU>Apple Inc.</PU> <PA>%PROGRAMFILES%\itunes\ituneshelper.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>8e2a7f1f62467a7dcb8ab2c0642f47ca</MD5> </ID> -<ID> <NA>LXBTCATS</NA> <ST>1</ST> <PU/> <PA>rundll32 
%WINDIR%\system32\spool\drivers\w32x86\3\lxbttime.dll,_rundllentry@16</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>1</IE> <IS>0</IS> <IN/> <MD5/> </ID> -<ID> <NA>lxbtmon.exe</NA> <ST>1</ST> <PU>Lexmark International, Inc.</PU> <PA>%PROGRAMFILES%\lexmark 5200 series\lxbtmon.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>dff894775fd74510ff572e44f023a191</MD5> </ID> -<ID> <NA>McAfee Security Scan Plus.lnk</NA> <ST>1</ST> <PU>McAfee, Inc.</PU> <PA>%PROGRAMFILES%\mcafee security scan\3.0.318\ssscheduler.exe</PA> <SL>3</SL> <SP>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup</SP> <RP/> <WOW/> <IE>0</IE> <IS>2</IS> <IN/> <MD5>bd713579a87d698e1f2158ce10e48130</MD5> </ID> -<ID> <NA>MedionVFD</NA> <ST>1</ST> <PU>Dritek System Inc.</PU> <PA>%PROGRAMFILES%\medion info display\mdionlcmlh.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>cf05ae23b1fbaf3e01d9f42002f8fc9b</MD5> </ID> -<ID> <NA>MobileDocuments</NA> <ST>1</ST> <PU/> <PA>%PROGRAMFILES%\common files\apple\internet services\ubd.exe</PA> <SL>1</SL> <SP>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>0</WOW> <IE>1</IE> <IS>0</IS> <IN/> <MD5/> </ID> -<ID> <NA>MSC</NA> <ST>1</ST> <PU>Microsoft Corporation</PU> <PA>%PROGRAMFILES%\microsoft security client\msseces.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>7e1b0c85b7347d9391fe60f6dadfddf0</MD5> </ID> -<ID> <NA>msnmsgr</NA> <ST>1</ST> <PU>Microsoft Corporation</PU> <PA>%PROGRAMFILES%\windows live\messenger\msnmsgr.exe</PA> <SL>1</SL> <SP>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>0</WOW> <IE>0</IE> <IS>2</IS> <IN/> 
<MD5>24b1666fd14cc71c7b0679ac61625b90</MD5> </ID> -<ID> <NA>OpenOffice.org 3.1.lnk</NA> <ST>1</ST> <PU/> <PA>%PROGRAMFILES%\openoffice.org 3\program\quickstart.exe</PA> <SL>3</SL> <SP>C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup</SP> <RP/> <WOW/> <IE>0</IE> <IS>2</IS> <IN/> <MD5>c047c9c6cd8e134afdfdb374e80547e5</MD5> </ID> -<ID> <NA>PC Performer</NA> <ST>1</ST> <PU>PerformerSoft LLC</PU> <PA>%PROGRAMFILES%\pc performer\pcperformer.exe</PA> <SL>2</SL> <SP/> <RP/> <WOW/> <IE>0</IE> <IS>2</IS> <IN/> <MD5>ee3ec3bf27ec6c6fb45e4125255cabe5</MD5> </ID> -<ID> <NA>QuickTime Task</NA> <ST>1</ST> <PU>Apple Inc.</PU> <PA>%PROGRAMFILES%\quicktime\qttask.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>8dda2b606279753601f9415da503ca63</MD5> </ID> -<ID> <NA>RtHDVCpl</NA> <ST>1</ST> <PU/> <PA>rthdvcpl.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>1</IE> <IS>0</IS> <IN/> <MD5/> </ID> -<ID> <NA>Sidebar</NA> <ST>1</ST> <PU>Microsoft Corporation</PU> <PA>%PROGRAMFILES%\windows sidebar\sidebar.exe</PA> <SL>1</SL> <SP>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>0</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>9e35ff7f943ae0fb89192bfe058b7fd4</MD5> </ID> -<ID> <NA>SunJavaUpdateSched</NA> <ST>1</ST> <PU>Sun Microsystems, Inc.</PU> <PA>%PROGRAMFILES%\common files\java\java update\jusched.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>12916e0642e92561c98b18a2a2d01b14</MD5> </ID> -<ID> <NA>Windows Defender</NA> <ST>1</ST> <PU>Microsoft Corporation</PU> <PA>%PROGRAMFILES%\windows defender\msascui.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> 
<MD5>0d392ede3b97e0b3131b2f63ef1db94e</MD5> </ID> -<ID> <NA>Yontoo Desktop</NA> <ST>1</ST> <PU>Yontoo LLC</PU> <PA>%APPDATA%\yontoo\yontoodesktop.exe</PA> <SL>1</SL> <SP>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>0</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>2a6c01bac0f8aa9143d61ae1e28e263a</MD5> </ID> </SMlog> OTL Logfile: Code: OTL logfile created on: 19.05.2013 10:40:19 - Run 2 |
Are these the detections under the category I named? |
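The startup list pasted above carries the "-" collapse markers of a browser's XML view, so it is not well-formed XML as posted. The following is an added example (not part of the thread and not code from any tool named in it) that strips those markers, parses the entries and flags autostart items that deserve a second look. The tag meanings (NA name, PU publisher, PA command, SP autostart location, MD5 file hash) are assumptions inferred from the values, the sample entries are constructed, and the flags are review hints, not verdicts.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the pasted form: "-" markers precede container tags.
SAMPLE = r"""<?xml version="1.0"?> -<SMlog>
-<ID> <NA>ExampleUpdater</NA> <ST>1</ST> <PU>Example Corp.</PU>
 <PA>%PROGRAMFILES%\example\updater.exe</PA> <SL>1</SL>
 <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP>
 <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/>
 <MD5>00000000000000000000000000000001</MD5> </ID>
-<ID> <NA>ExampleToolbar Desktop</NA> <ST>1</ST> <PU>Example LLC</PU>
 <PA>%APPDATA%\exampletoolbar\desktop.exe</PA> <SL>1</SL>
 <SP>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run</SP>
 <RP/> <WOW>0</WOW> <IE>0</IE> <IS>2</IS> <IN/>
 <MD5>00000000000000000000000000000002</MD5> </ID>
-<ID> <NA>EXPRNMON</NA> <ST>1</ST> <PU/>
 <PA>rundll32 %WINDIR%\system32\spool\drivers\w32x86\3\exprn.dll,_entry@16</PA>
 <SL>1</SL>
 <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP>
 <RP/> <WOW>1</WOW> <IE>1</IE> <IS>0</IS> <IN/> <MD5/> </ID>
-<ID> <NA>ExampleAudio</NA> <ST>1</ST> <PU/> <PA>exaudio.exe</PA> <SL>1</SL>
 <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP>
 <RP/> <WOW>1</WOW> <IE>1</IE> <IS>0</IS> <IN/> <MD5/> </ID>
</SMlog>"""

# Locations a standard user can write to without elevation (assumed list).
USER_WRITABLE = ("%appdata%", "%localappdata%", "%userprofile%", "%temp%",
                 "c:\\users\\")


def strip_collapse_markers(pasted):
    """Remove the '-' a browser's XML tree view puts in front of open tags."""
    return re.sub(r"(^|\s)-(?=<)", r"\1", pasted)


def _text(node, tag):
    # findtext gives None for a missing tag and '' for an empty one like <PU/>
    return (node.findtext(tag) or "").strip()


def parse_entries(pasted):
    """Return one dict per <ID> autostart entry of the pasted log."""
    cleaned = strip_collapse_markers(pasted).strip()
    root = ET.fromstring(cleaned.encode("utf-8"))
    return [
        {
            "name": _text(node, "NA"),
            "publisher": _text(node, "PU"),
            "command": _text(node, "PA"),
            "location": _text(node, "SP"),
            "md5": _text(node, "MD5").lower(),
        }
        for node in root.iter("ID")
    ]


def review_flags(entry):
    """Reasons to look at an entry more closely; an empty list means none."""
    cmd = entry["command"].lower()
    flags = []
    if cmd.startswith(USER_WRITABLE):
        flags.append("user-writable-path")   # replaceable without admin rights
    if not entry["publisher"]:
        flags.append("no-publisher")         # no version-info publisher recorded
    if not entry["md5"]:
        flags.append("no-hash")              # file could not be hashed or found
    if re.match(r"(\S*\\)?rundll32(\.exe)?\s", cmd):
        flags.append("rundll32-launcher")    # the DLL, not rundll32, is the payload
    if "\\" not in cmd and "/" not in cmd:
        flags.append("unqualified-path")     # resolved through the search path
    return flags


def triage(pasted):
    """List (name, flags) for every entry with at least one flag, in log order."""
    flagged = []
    for entry in parse_entries(pasted):
        flags = review_flags(entry)
        if flags:
            flagged.append((entry["name"], flags))
    return flagged


if __name__ == "__main__":
    for name, flags in triage(SAMPLE):
        print(f"{name}: {', '.join(flags)}")
```
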
<?xml version="1.0" encoding="UTF-8"?> -<SerializableDictionaryOfStringListOfcFoundItems> -<Item> -<Key> <string>trojan-downloader.istbar</string> </Key> -<Value> -<ArrayOfFI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\classes\eurogrand</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211338</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\classes\eurogrand</V2> <V3>url protocol</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211338</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>livedefault</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>livedefaultid</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>dlgl</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> 
OTL EXTRAS Logfile: Code: OTL Extras logfile created on: 19.05.2013 10:40:19 - Run 2 One of them doesn't work; it is about registering. |
You are not supposed to copy every message to me... please stop that. And above all, no new OTL log. Please find someone who understands at least a little of what I am writing here, otherwise we will still be sitting here in 3 weeks... Go to: c:\ProgramData\Microsoft\Microsoft Antimalware\Quarantine, pack the folder with WinRAR and upload it in the upload channel. |
Does that also work with WinZip? |
That's fine with me too :-) If the archive is larger than 10 MB (you can see that under right-click, Properties), then upload it here: File-Upload.net - Ihr kostenloser File Hoster! Then click on my username, "send message", "send private message to markusg", and send me the download link. |
OK. Scan with Combofix
|
Combofix Logfile: Code: ComboFix 13-05-25.02 - Herrmann 26.05.2013 10:45:13.1.4 - x86 |
Is the fake message still being displayed? |
Unfortunately yes: File is encrypted This file can be decrypted using the program DirtyDecrypt.exe Press CTRL+ALT+D to run DirtyDecrypt.exe If DirtyDecrypt.exe not opened сheck the paths: C:\Program Files\Dirty\DirtyDecrypt.exe C:\Program Files (x86)\Dirty\DirtyDecrypt.exe C:\Users\[YOUR USER]\AppData\Roaming\Dirty\DirtyDecrypt.exe C:\Documents and Settings\[YOUR USER]\Application Data\Dirty\DirtyDecrypt.exe C:\Documents and Settings\[YOUR USER]\Local Settings\Application Data\Dirty\DirtyDecrypt.exe Are my Word files lost now? Do I have to write the files off now? |
Does one of these folders still exist, or several of them? C:\Program Files\Dirty\ C:\Program Files (x86)\Dirty\ C:\Users\[YOUR USER]\AppData\Roaming\Dirty\ C:\Documents and Settings\[YOUR USER]\Application Data\Dirty\ C:\Documents and Settings\[YOUR USER]\Local Settings\Application Data\Dirty\ If so, try to pack them and upload them in the upload channel or at File-Upload.net - Ihr kostenloser File Hoster! |
The first three folders do not exist, and for the other two access is denied and there is a kind of blue P in front of them. |
Hi, OTL fix. Fixing with OTL
Code: :OTL
Note: Please upload the file there as well, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread! Please press the http://larusso.trojaner-board.de/Images/windows.jpg + E key.
|
All processes killed ========== OTL ========== ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Herrmann ->Temp folder emptied: 1512710 bytes ->Temporary Internet Files folder emptied: 2725142 bytes ->Java cache emptied: 68090 bytes ->FireFox cache emptied: 84203097 bytes ->Google Chrome cache emptied: 20777469 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 523 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 41466796 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 144,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05272013_184126 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
Sorry, I had a mistake in it. Hi, OTL fix. Fixing with OTL
Code: :OTL
Like this please, and then pack and upload again. |
All processes killed ========== OTL ========== ========== FILES ========== Folder C:\Documents and Settings\[YOUR USER]\Application Data\Dirty not found. Folder C:\Documents and Settings\[YOUR USER]\Local Settings\Application Data\Dirty not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Herrmann ->Temp folder emptied: 146602 bytes ->Temporary Internet Files folder emptied: 135666 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 10351852 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 41416235 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 50,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05272013_185423 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
Hi, please download: http://jpshortstuff.247fixes.com/SystemLook.exe Copy in: :folderfind *Dirty* Then click on Look. Then please post the contents of SystemLook.txt, which is located on the desktop. |
SystemLook 30.07.11 by jpshortstuff Log created at 19:19 on 27/05/2013 by Herrmann Administrator - Elevation successful ========== folderfind ========== Searching for "*Dirty*" C:\Users\Herrmann\AppData\Local\VirtualStore\Program Files\Dirty d------ [11:26 21/05/2013] C:\_OTL\MovedFiles\05252013_122947\C_Users\Herrmann\AppData\Roaming\Dirty d------ [11:26 21/05/2013] -= EOF =- |
Hi, OTL fix. Fixing with OTL
Code: :OTL
Note: Please upload the file there as well, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread! Please press the http://larusso.trojaner-board.de/Images/windows.jpg + E key.
|
All processes killed ========== OTL ========== ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Herrmann ->Temp folder emptied: 336560 bytes ->Temporary Internet Files folder emptied: 135671 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 30389710 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 41429075 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 69,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05272013_193349 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
I'm going to go crazy today. Hi, OTL fix. Fixing with OTL
Code: :OTL
|
All processes killed ========== OTL ========== ========== FILES ========== C:\Users\Herrmann\AppData\Local\VirtualStore\Program Files\Dirty folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Herrmann ->Temp folder emptied: 284607 bytes ->Temporary Internet Files folder emptied: 135668 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 12633326 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 41428139 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 52,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05272013_200705 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. File\Folder C:\Windows\temp\TMP0000003359017CB47B6C27ED not found! PendingFileRenameOperations files... Registry entries deleted on Reboot... |
OK, please test whether the message still appears, pack MovedFiles with Zip or whatever you would like to use, and upload it either in the upload channel or at File-Upload.net - Ihr kostenloser File Hoster! If the latter, send me the link as a private message. |
Unfortunately the damn message still appears. |
And you uploaded the wrong thing; please read again. |