
Thread: spyHunter4

  1. #1
    Beginner
    Registered since
    23.04.2013
    Posts
    12

    spyHunter4

    I TOO FELL FOR spyHunter....
    I let spyHunter scan everything, then wanted to delete, but that did not work, only after payment...
    you probably know all of this already...
    I then downloaded Spybot - Search & Destroy from Safer-Networking Ltd because I could no longer get it deleted... that did not work....
    But while I was at it I "immunized" everything, whatever that means.

    SpyHunter is not doing anything yet (I think).

    I then tried to read up on the problem in your forums and decided to register after all.

    I am now following the "NEW HERE" ("NEU HIER") instructions. How can I switch Spybot off? I can only find uninstall. Should I do that?
    Windows Firewall is on.
    The Action Center says I should look for an antivirus program because a virus was detected.
    If I have a lot of spelling mistakes here,
    I am very sorry. I really am very bad at it.
    I spent most of my school years outside Germany, and
    otherwise in countries with rather poor education. Mockery would be very embarrassing for me. I am working on my spelling! Thanks.

    Toolbars are deactivated.
    I have no software that was acquired illegally.

    I have downloaded OTL.exe and gmer, but apparently I have to switch off spyware, and unfortunately I do not know how!!!

    HELP!

  2. #2
    Moderator (global) Team member Speedy
    Registered since
    07.08.2004
    Location
    Linz
    Posts
    23.586

    Re: spyHunter4

    Create a logfile with Hijackthis 2.0.4 and post it.
    Important: do not start HJT from a temp folder; create a separate folder for it under Program Files instead.
    Vista and Windows 7 users: when installing and when running Hijackthis, right-click the executable and choose "Run as administrator" from the menu.

    Create a logfile with HjtScanList by Mopao; in addition to the setting for your OS (XP or Vista (Windows7)), use option 1 (XPScanlist or Vistascanlist).

    • create the following folder: c:\programm_download\ccleaner
    • download the current version of ccleaner into this folder
    • on Windows ME, XP or Vista, create a new system restore point
    • install ccleaner by double-clicking the downloaded file (you do not have to install the Yahoo toolbar along with it)
    • now start ccleaner and select "german" under options settings
    • now clean your system with it (empty all temp folders present on the system and the prefetch folder, clean applications and registry) (German version)
      (quick tour and screenshots)
    • in ccleaner go to extras -> programme deinstallieren (uninstall programs) -> als textdatei speichern (save as text file) -> post this logfile as well (and state what you need each individual program for).
    Regards
    www.Speedyweb.at.tf
    Following my tips is at your own risk!
    HijackThis (downloads and guides, e.g. what fixing means, etc.)
    HijackThis chat, or do you want to take part here: job posting
    Help with system cleanup only via the public forum and never via private messages or email!!

  3. #3
    Beginner
    Registered since
    23.04.2013
    Posts
    12

    Re: spyHunter4

    I tried to save the programs on C, and now my computer suddenly claims I do not have admin rights to save anything to this path!
    But this is what I have:
    Code:
    OTL logfile created on: 4/23/2013 11:57:37 PM - Run 3
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\fraxmann\Desktop
     Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    1.99 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.37% Memory free
    3.98 Gb Paging File | 2.87 Gb Available in Paging File | 72.08% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 40.00 Gb Total Space | 6.53 Gb Free Space | 16.34% Space Free | Partition Type: NTFS
    Drive D: | 93.95 Gb Total Space | 15.64 Gb Free Space | 16.64% Space Free | Partition Type: NTFS
     
    Computer Name: KISCHDLE | User Name: fraxmann | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - File not found -- 
    PRC - [2013/04/23 23:05:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\fraxmann\Desktop\OTL.exe
    PRC - [2013/03/23 03:56:36 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\fraxmann\AppData\Roaming\Yontoo\YontooDesktop.exe
    PRC - [2013/01/24 14:18:46 | 001,646,216 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
    PRC - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    PRC - [2012/11/12 12:45:18 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2012/11/12 12:45:14 | 000,968,120 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
    PRC - [2012/04/19 08:57:16 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2012/04/19 08:57:16 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2012/02/18 17:58:13 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\PROGRA~1\TELEVI~2\bar\1.bin\64barsvc.exe
    PRC - [2012/02/18 17:58:13 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe
    PRC - [2011/11/18 15:51:12 | 003,673,944 | ---- | M] () -- D:\Tobit Radio.fx\Server\rfx-server.exe
    PRC - [2011/09/27 11:44:20 | 000,439,440 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    PRC - [2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/12/09 17:01:20 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    PRC - [2009/09/11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    PRC - [2009/08/27 06:43:50 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
    PRC - [2009/08/23 06:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    PRC - [2009/08/22 08:11:48 | 000,826,880 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    PRC - [2009/08/13 22:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
    PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2013/02/14 12:12:36 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
    MOD - [2013/02/14 12:10:59 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
    MOD - [2013/01/10 15:30:25 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
    MOD - [2013/01/10 15:24:13 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
    MOD - [2013/01/10 15:23:18 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
    MOD - [2013/01/10 15:21:44 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
    MOD - [2013/01/10 15:21:36 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
    MOD - [2013/01/10 15:20:51 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
    MOD - [2013/01/10 15:20:24 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
    MOD - [2013/01/10 15:20:05 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
    MOD - [2013/01/10 15:20:00 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
    MOD - [2013/01/10 15:19:26 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
    MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
    MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
    MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    MOD - [2012/11/08 23:10:16 | 012,564,480 | ---- | M] () -- C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
    MOD - [2012/11/08 23:09:50 | 000,569,344 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
    MOD - [2012/10/29 20:07:46 | 000,034,816 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
    MOD - [2012/10/29 20:07:02 | 000,023,040 | ---- | M] () -- C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
    MOD - [2012/10/29 13:10:06 | 000,057,856 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
    MOD - [2012/10/05 12:53:24 | 003,198,976 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2012/04/13 12:04:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2012/04/13 12:00:04 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll
    MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
    MOD - [2010/11/05 03:59:41 | 000,212,992 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
    MOD - [2010/11/05 03:58:14 | 002,048,000 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2010/11/05 03:58:04 | 000,425,984 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
    MOD - [2009/12/09 17:01:20 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    MOD - [2009/08/28 03:13:01 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
    MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV - File not found [Auto | Running] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Users\fraxmann\AppData\Roaming\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater)
    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
    SRV - [2013/04/14 19:03:14 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/04/02 21:07:28 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/02/18 17:58:13 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\PROGRA~1\TELEVI~2\bar\1.bin\64barsvc.exe -- (TelevisionFanaticService)
    SRV - [2011/11/18 15:51:12 | 003,673,944 | ---- | M] () [Auto | Running] -- D:\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
    SRV - [2009/09/11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
    SRV - [2009/08/13 22:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
    SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\fraxmann\AppData\Local\Temp\fwlyqpog.sys -- (fwlyqpog)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\fraxmann\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
    DRV - [2011/05/06 15:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/12/14 05:44:42 | 001,245,696 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/06/29 17:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
    DRV - [2009/06/29 17:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
    DRV - [2009/04/09 13:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2009/03/02 14:12:10 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
    DRV - [2009/03/02 14:12:10 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
    DRV - [2008/10/09 13:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
    DRV - [2008/10/09 13:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
    DRV - [2002/08/08 16:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETMDUSB.sys -- (NETMDUSB)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{2A09A812-C00C-434B-88DE-79F30BC40577}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://startsear.ch/?aff=1&q={searchTerms}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1703539
     
     
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
     
     
    IE - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
    IE - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 68 00 74 00 74 00 70 00 3A 00 2F 00 2F 00 FE 00 FF 00 FF 00 FF 00 77 00 2F 00 F9 00 76 00 12 00 2E 00 F9 00 76 00 A0 00 F7 00 25 00 2F 00 00 00 61 00 62 00 6F 00 75 00 74 00 3A 00 62 00 6C 00 61 00 6E 00 6B 00 00 00 68 00 74 00 74 00 70 00 3A 00 2F 00 2F 00 24 00 76 00 68 00 F8 00 25 00 2F 00 00 00 68 00 74 00 74 00 70 00 3A 00 2F 00 2F 00 4E 00 D4 00 4F 00 75 00 1C 00 02 00 2F 00 00 00 61 00 62 00 6F 00 75 00 74 00 3A 00 62 00 6C 00 61 00 6E 00 6B 00 00 00 61 00 62 00 6F 00 75 00 74 00 3A 00 62 00 6C 00 61 00 6E 00 6B 00 00 00 61 00 62 00 6F 00 75 00 74 00 3A 00 62 00 6C 00 61 00 6E 00 6B 00 00 00 61 00 62 00 6F 00 75 00 74 00 3A 00 62 00 6C 00 61 00 6E 00 6B 00 00 00 61 00 62 00 6F 00 75 00 74 00 3A 00 62 00 6C 00 61 00 6E 00 6B 00 00 00 61 00 62 00 6F 00 75 00 74 00 3A 00 62 00 6C 00 61 00 6E 00 6B 00 00 00 61 00 62 00 6F 00 75 00 74 00 3A 00 62 00 6C 00 61 00 6E 00 6B 00 00 00 61 00 62 00 6F 00 75 00 74 00 3A 00 62 00 6C 00 61 00 6E 00 6B 00 00 00 61 00 62 00 6F 00 75 00 74 00 3A 00 62 00 6C 00 61 00 6E 00 6B 00 00 00 61 00 62 00 6F 00 75 00 74 00 3A 00 62 00 6C 00 61 00 6E 00 6B 00 00 00 61 00 62 00 6F 00 75 00 74 00 3A 00 62 00 6C 00 61 00 6E 00 6B 00 00 00 61 00 62 00 6F 00 75 00 74 00 3A 00 62 00 6C 00 61 00 6E 00 6B 00 00 00 68 00 74 00 74 00 70 00 3A 00 2F 00 2F 00 C8 00 54 00 F8 00 76 00 08 00 68 00 F8 00 76 00 D0 00 F7 00 25 00 2F 00 00 00 66 00 69 00 6C 00 65 00 3A 00 2F 00 2F 00 2F 00 43 00 3A 00 2F 00 55 00 73 00 65 00 72 00 73 00 2F 00 66 00 72 00 61 00 00 00 00 00  [Binary data over 200 bytes]
    IE - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=XPxdm049BCde&ptb=0CFEA547-8671-4BAC-8450-FD0107AB7356&si=49647/
    IE - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
    IE - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\..\URLSearchHook: {134b012b-132d-4516-a786-2395828640b5} - No CLSID value found
    IE - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\..\SearchScopes,DefaultScope = {2A09A812-C00C-434B-88DE-79F30BC40577}
    IE - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BLT&o=15558&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=HG&apn_dtid=YYYYYYYYDE&apn_uid=085BCE13-1069-426C-9E43-4463E1D7EC65&apn_sauid=F535A6E5-B3C2-47BE-B135-05D66A7FB048
    IE - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\..\SearchScopes\{2A09A812-C00C-434B-88DE-79F30BC40577}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_deDE362DE362
    IE - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE362
    IE - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1703539
    IE - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    ========== FireFox ==========
     
    FF - prefs.js..CT3241949.browser.search.defaultthis.engineName: true
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultthis.engineName: "IsoBuster DE Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1703539&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {134b012b-132d-4516-a786-2395828640b5}:2.7.2.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.102
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
     
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010/09/30 17:00:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\64ffxtbr@TelevisionFanatic.com: C:\Program Files\TelevisionFanatic\bar\1.bin [2012/02/18 17:58:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/14 19:03:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/14 19:04:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/04/06 13:37:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/04/06 13:37:43 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
     
    [2010/03/27 14:39:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fraxmann\AppData\Roaming\mozilla\Extensions
    [2010/03/27 14:39:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fraxmann\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2013/04/23 21:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fraxmann\AppData\Roaming\mozilla\Firefox\Profiles\pq55x1t5.default\extensions
    [2011/04/30 11:34:39 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\fraxmann\AppData\Roaming\mozilla\Firefox\Profiles\pq55x1t5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2011/08/17 21:45:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fraxmann\AppData\Roaming\mozilla\Firefox\Profiles\pq55x1t5.default\extensions\nostmp
    [2010/08/15 18:16:03 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\fraxmann\AppData\Roaming\mozilla\Firefox\Profiles\pq55x1t5.default\extensions\vshare@toolbar
    [2013/04/02 21:00:06 | 000,216,743 | ---- | M] () (No name found) -- C:\Users\fraxmann\AppData\Roaming\mozilla\firefox\profiles\pq55x1t5.default\extensions\freehdsport@freehdsport.tv.xpi
    [2013/04/19 21:35:00 | 000,262,896 | ---- | M] () (No name found) -- C:\Users\fraxmann\AppData\Roaming\mozilla\firefox\profiles\pq55x1t5.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
    [2011/12/22 19:59:19 | 000,000,933 | ---- | M] () -- C:\Users\fraxmann\AppData\Roaming\mozilla\firefox\profiles\pq55x1t5.default\searchplugins\11-suche.xml
    [2013/04/23 19:16:36 | 000,002,400 | ---- | M] () -- C:\Users\fraxmann\AppData\Roaming\mozilla\firefox\profiles\pq55x1t5.default\searchplugins\askcom.xml
    [2011/12/22 19:59:19 | 000,002,419 | ---- | M] () -- C:\Users\fraxmann\AppData\Roaming\mozilla\firefox\profiles\pq55x1t5.default\searchplugins\englische-ergebnisse.xml
    [2013/01/23 22:04:18 | 000,001,064 | ---- | M] () -- C:\Users\fraxmann\AppData\Roaming\mozilla\firefox\profiles\pq55x1t5.default\searchplugins\fileconverter-13-customized-web-search.xml
    [2010/01/31 20:10:28 | 000,002,321 | ---- | M] () -- C:\Users\fraxmann\AppData\Roaming\mozilla\firefox\profiles\pq55x1t5.default\searchplugins\forestle-de.xml
    [2011/12/22 19:59:19 | 000,010,525 | ---- | M] () -- C:\Users\fraxmann\AppData\Roaming\mozilla\firefox\profiles\pq55x1t5.default\searchplugins\gmx-suche.xml
    [2011/12/22 19:59:19 | 000,002,457 | ---- | M] () -- C:\Users\fraxmann\AppData\Roaming\mozilla\firefox\profiles\pq55x1t5.default\searchplugins\lastminute.xml
    [2012/02/18 18:27:36 | 000,009,629 | ---- | M] () -- C:\Users\fraxmann\AppData\Roaming\mozilla\firefox\profiles\pq55x1t5.default\searchplugins\my-web-search.xml
    [2011/07/11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\fraxmann\AppData\Roaming\mozilla\firefox\profiles\pq55x1t5.default\searchplugins\startsear.xml
    [2011/12/22 19:59:19 | 000,005,508 | ---- | M] () -- C:\Users\fraxmann\AppData\Roaming\mozilla\firefox\profiles\pq55x1t5.default\searchplugins\webde-suche.xml
    [2013/03/08 08:21:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
    [2013/03/08 08:21:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/04/14 19:03:15 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/06/09 13:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
    [2012/06/20 14:20:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2012/08/30 19:39:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/06/20 14:20:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
    [2012/06/20 14:20:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
    [2012/06/20 14:20:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
    [2012/06/20 14:20:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Assistant BHO) - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Toolbar BHO) - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\PROGRA~1\TELEVI~2\bar\1.bin\64bar.dll (MindSpark)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll File not found
    O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
    O3 - HKLM\..\Toolbar: (TelevisionFanatic) - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
    O3 - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\..\Toolbar\WebBrowser: (TelevisionFanatic) - {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
    O3 - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
    O4 - HKLM..\Run: [Samsung PanelMgr] C:\windows\Samsung\PanelMgr\ssmmgr.exe ()
    O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [TelevisionFanatic Browser Plugin Loader] C:\PROGRA~1\TELEVI~2\bar\1.bin\64brmon.exe (VER_COMPANY_NAME)
    O4 - HKLM..\Run: [TelevisionFanatic Search Scope Monitor] "C:\PROGRA~1\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h File not found
    O4 - HKU\S-1-5-21-1675562717-242507097-1823633445-1000..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
    O4 - HKU\S-1-5-21-1675562717-242507097-1823633445-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
    O4 - HKU\S-1-5-21-1675562717-242507097-1823633445-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
    O4 - HKU\S-1-5-21-1675562717-242507097-1823633445-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-1675562717-242507097-1823633445-1000..\Run: [Yontoo Desktop] C:\Users\fraxmann\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
    O4 - HKLM..\RunOnce: [SpybotDeletingE1226] C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
    O4 - HKLM..\RunOnce: [SpybotDeletingE5197] C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
    O4 - HKLM..\RunOnce: [SpybotDeletingE5247] C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
    O4 - HKLM..\RunOnce: [SpybotDeletingE5518] C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
    O4 - HKLM..\RunOnce: [SpybotDeletingE7589] C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
    O4 - HKLM..\RunOnce: [SpybotDeletingE779] C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
    O4 - HKLM..\RunOnce: [SpybotDeletingE781] C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1675562717-242507097-1823633445-1000..\RunOnce: [SpybotDeletingF1604] C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-1675562717-242507097-1823633445-1000..\RunOnce: [SpybotDeletingF3001] C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-1675562717-242507097-1823633445-1000..\RunOnce: [SpybotDeletingF3549] C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-1675562717-242507097-1823633445-1000..\RunOnce: [SpybotDeletingF4110] C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-1675562717-242507097-1823633445-1000..\RunOnce: [SpybotDeletingF6356] C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-1675562717-242507097-1823633445-1000..\RunOnce: [SpybotDeletingF6549] C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-1675562717-242507097-1823633445-1000..\RunOnce: [SpybotDeletingF6572] C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-1675562717-242507097-1823633445-1000..\RunOnce: [SpybotDeletingF8199] C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-1675562717-242507097-1823633445-1000..\RunOnce: [SpybotDeletingF9345] C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-1675562717-242507097-1823633445-1000..\RunOnce: [SpybotDeletingF9645] C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Users\fraxmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
    O7 - HKU\S-1-5-21-1675562717-242507097-1823633445-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
    O13 - gopher Prefix: missing
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D86903C-E2E0-47F9-8984-F2575DF13B9C}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2013/04/20 20:39:51 | 000,000,000 | ---D | M] - D:\Auto -- [ NTFS ]
    O32 - AutoRun File - [2010/03/21 10:17:18 | 000,000,000 | ---D | M] - D:\Automatisch zu iTunes hinzufügen -- [ NTFS ]
    O33 - MountPoints2\{af2f1b3f-cc64-11df-bb99-001377bff629}\Shell - "" = AutoRun
    O33 - MountPoints2\{af2f1b3f-cc64-11df-bb99-001377bff629}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{af2f1b59-cc64-11df-bb99-001377bff629}\Shell - "" = AutoRun
    O33 - MountPoints2\{af2f1b59-cc64-11df-bb99-001377bff629}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{af2f1b95-cc64-11df-bb99-001e101f9843}\Shell - "" = AutoRun
    O33 - MountPoints2\{af2f1b95-cc64-11df-bb99-001e101f9843}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2013/04/23 23:05:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\fraxmann\Desktop\OTL.exe
    [2013/04/23 17:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/04/23 17:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013/04/23 17:32:04 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\windows\System32\sdnclean.exe
    [2013/04/23 17:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
    [2013/04/23 15:27:20 | 000,000,000 | ---D | C] -- C:\Users\fraxmann\AppData\Local\Programs
    [2013/04/23 15:25:55 | 055,454,464 | ---- | C] (Safer-Networking Ltd.                                       ) -- C:\Users\fraxmann\Desktop\SpybotSD2_2.0.12.exe
    [2013/04/22 22:55:57 | 000,000,000 | ---D | C] -- C:\Users\fraxmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
    [2013/04/22 22:55:54 | 000,000,000 | ---D | C] -- C:\sh4ldr
    [2013/04/22 22:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2013/04/22 22:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2013/04/11 06:55:49 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
    [2013/04/11 06:55:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
    [2013/04/11 06:55:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
    [2013/04/11 06:55:44 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
    [2013/04/11 06:55:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
    [2013/04/11 06:55:41 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
    [2013/04/11 06:55:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
    [2013/04/11 06:55:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
    [2013/04/10 15:16:00 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
    [2013/04/10 15:15:52 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
    [2013/04/10 15:15:52 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
    [2013/04/10 15:15:50 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\csrsrv.dll
    [2013/04/10 15:15:32 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll
    [2013/04/10 15:15:31 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll
    [2013/04/06 13:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
    [2013/04/02 21:01:46 | 000,000,000 | ---D | C] -- C:\Program Files\Iminent
    [2013/04/02 21:00:15 | 000,000,000 | ---D | C] -- C:\Users\fraxmann\AppData\Roaming\Yontoo
    [2013/04/02 21:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
    [2013/04/02 21:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
    [2013/04/02 21:00:02 | 000,000,000 | ---D | C] -- C:\Users\fraxmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ATDheNetTVApp.com
    [2013/04/02 21:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\ATDheNetTVApp.com
    [2013/04/02 16:09:52 | 004,550,656 | ---- | C] (Google Inc.) -- C:\windows\System32\GPhotos.scr
    [2013/03/26 00:50:19 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usb8023.sys
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2013/04/23 23:32:01 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/04/23 23:26:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2013/04/23 23:24:09 | 000,377,856 | ---- | M] () -- C:\Users\fraxmann\Desktop\1zvhzb7b.exe
    [2013/04/23 23:05:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\fraxmann\Desktop\OTL.exe
    [2013/04/23 22:46:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2013/04/23 21:11:40 | 000,000,512 | ---- | M] () -- C:\windows\wininit.ini
    [2013/04/23 17:32:18 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/04/23 15:25:58 | 055,454,464 | ---- | M] (Safer-Networking Ltd.                                       ) -- C:\Users\fraxmann\Desktop\SpybotSD2_2.0.12.exe
    [2013/04/23 15:10:30 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/04/23 15:10:29 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/04/23 14:03:07 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/04/22 23:01:26 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\SWR RadioRecorder.LNK
    [2013/04/22 23:01:22 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\hr2 RadioRecorder.LNK
    [2013/04/22 06:55:55 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
    [2013/04/22 06:55:55 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2013/04/22 06:55:55 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
    [2013/04/22 06:55:55 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2013/04/22 06:51:16 | 000,000,314 | ---- | M] () -- C:\windows\tasks\WinMaximizer-fraxmann-Startup.job
    [2013/04/22 06:50:49 | 1603,035,136 | -HS- | M] () -- C:\hiberfil.sys
    [2013/04/14 07:31:13 | 000,000,334 | ---- | M] () -- C:\windows\tasks\File Helper.job
    [2013/04/11 07:04:47 | 000,325,928 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
    [2013/04/10 22:25:49 | 000,018,432 | ---- | M] () -- C:\Users\fraxmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/04/02 21:21:17 | 000,000,254 | ---- | M] () -- C:\windows\System32\InstallUtil.InstallLog
    [2013/04/02 21:07:27 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
    [2013/04/02 21:07:27 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
    [2013/04/02 16:09:52 | 004,550,656 | ---- | M] (Google Inc.) -- C:\windows\System32\GPhotos.scr
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2013/04/23 23:24:02 | 000,377,856 | ---- | C] () -- C:\Users\fraxmann\Desktop\1zvhzb7b.exe
    [2013/04/23 20:31:17 | 000,000,512 | ---- | C] () -- C:\windows\wininit.ini
    [2013/04/23 17:32:18 | 000,002,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013/04/23 17:32:18 | 000,002,119 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/04/02 21:21:17 | 000,000,254 | ---- | C] () -- C:\windows\System32\InstallUtil.InstallLog
    [2012/10/29 13:09:28 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll
    [2012/10/29 13:09:28 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll
    [2012/10/29 13:09:28 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll
    [2012/10/29 13:09:28 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll
    [2012/10/29 13:09:28 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
    [2012/06/22 11:01:32 | 000,019,984 | ---- | C] () -- C:\windows\System32\ESGScanner.sys
    [2011/11/20 18:52:00 | 000,015,873 | ---- | C] () -- C:\windows\System32\Inetde.dll
    [2011/10/04 19:15:18 | 000,018,432 | ---- | C] () -- C:\Users\fraxmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/18 00:31:30 | 000,004,940 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
    [2010/01/12 21:53:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/01/12 18:37:20 | 000,000,444 | ---- | C] () -- C:\Users\fraxmann\Desktop.lnk
    [2010/01/12 18:07:20 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
    [2009/06/16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
     
    ========== ZeroAccess Check ==========
     
    [2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    ========== LOP Check ==========
     
    [2011/11/20 18:51:54 | 000,000,000 | ---D | M] -- C:\Users\fraxmann\AppData\Roaming\BOM
    [2010/09/30 09:37:42 | 000,000,000 | ---D | M] -- C:\Users\fraxmann\AppData\Roaming\Bytemobile
    [2012/11/13 21:09:31 | 000,000,000 | ---D | M] -- C:\Users\fraxmann\AppData\Roaming\Canon
    [2012/07/23 16:17:07 | 000,000,000 | ---D | M] -- C:\Users\fraxmann\AppData\Roaming\elsterformular
    [2010/01/12 23:13:17 | 000,000,000 | ---D | M] -- C:\Users\fraxmann\AppData\Roaming\OpenOffice.org
    [2012/12/09 21:15:11 | 000,000,000 | ---D | M] -- C:\Users\fraxmann\AppData\Roaming\Samsung
    [2012/02/10 19:25:59 | 000,000,000 | ---D | M] -- C:\Users\fraxmann\AppData\Roaming\SR-Media
    [2010/03/27 14:39:22 | 000,000,000 | ---D | M] -- C:\Users\fraxmann\AppData\Roaming\Thunderbird
    [2012/01/02 21:43:31 | 000,000,000 | ---D | M] -- C:\Users\fraxmann\AppData\Roaming\TIPP10
    [2010/05/21 07:33:59 | 000,000,000 | ---D | M] -- C:\Users\fraxmann\AppData\Roaming\Tobit
    [2010/09/30 09:38:01 | 000,000,000 | ---D | M] -- C:\Users\fraxmann\AppData\Roaming\Vodafone
    [2010/09/30 09:40:53 | 000,000,000 | ---D | M] -- C:\Users\fraxmann\AppData\Roaming\Vodafone Mobile Connect
    [2012/12/23 00:08:00 | 000,000,000 | ---D | M] -- C:\Users\fraxmann\AppData\Roaming\Wise Registry Cleaner
    [2013/04/23 19:56:29 | 000,000,000 | ---D | M] -- C:\Users\fraxmann\AppData\Roaming\Yontoo
     
    ========== Purity Check ==========
     
     
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54
    
    < End of report >

    and:
    Code:
    OTL Extras logfile created on: 4/23/2013 11:57:37 PM - Run 3
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\fraxmann\Desktop
     Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    1.99 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.37% Memory free
    3.98 Gb Paging File | 2.87 Gb Available in Paging File | 72.08% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 40.00 Gb Total Space | 6.53 Gb Free Space | 16.34% Space Free | Partition Type: NTFS
    Drive D: | 93.95 Gb Total Space | 15.64 Gb Free Space | 16.64% Space Free | Partition Type: NTFS
     
    Computer Name: KISCHDLE | User Name: fraxmann | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
     
    [HKEY_USERS\S-1-5-21-1675562717-242507097-1823633445-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- "%1" %*
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{D0720E22-EA4D-47C0-9A08-2808F0BEB67F}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{F2FE5964-FD10-4630-88D0-F54DA5155630}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{122F995C-AE03-417A-9765-9E1DEB1E336E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
    "{189C864F-6ED8-4CB0-9BFC-6FA39C2637FA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
    "{1B5C80E1-EA8B-4628-BD09-B3B46F9CE851}" = dir=in | app=c:\program files\itunes\itunes.exe | 
    "{29657DA0-0800-4F22-9147-CC5F6683650A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{7813D03B-8EC7-457A-B696-9216FD7D8B64}" = protocol=17 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe | 
    "{847457E8-CCED-41E8-93A2-D7A0C5667791}" = protocol=17 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe | 
    "{87BFF4E0-F052-4F41-91E3-6D6225950A4D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
    "{89B3B440-B3A2-4B3A-B9B5-6AF764BBF3FA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{96DC0F67-5157-4309-80F2-21F6CC2BF8B3}" = protocol=6 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe | 
    "{A0D4D209-D118-456B-B5FB-85F58F1E3489}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
    "{A88698C6-C6C3-41E3-9971-9565417FB8BB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{D56ED230-03CC-4D2D-9FB0-B01695676CA0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
    "{DF551631-67A4-485D-8D6E-B83C922D52B0}" = protocol=6 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe | 
    "{E92E6F04-A5F1-4213-AE9D-42F9394B9CF7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
    "TCP Query User{0B191392-357B-405B-A48F-0305474474AB}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
    "TCP Query User{B081F020-DA77-441C-BABA-508E78B06ADB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
    "TCP Query User{E19CF978-C0C2-425D-BAA9-DF487A475B91}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
    "UDP Query User{4203044B-629F-4C55-8BEC-E8CBDC97B117}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
    "UDP Query User{625DFC66-87A6-41BF-B463-C4EBE855E105}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
    "UDP Query User{78326B01-0180-40CC-BCA4-6C66D5B48317}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{0DCF2BB4-A124-4596-89F7-5670294E091B}" = Microsoft Office Activation Assistant for Netbooks
    "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series" = Canon MX430 series MP Drivers
    "{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
    "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
    "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
    "{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.2
    "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
    "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
    "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
    "{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety
    "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
    "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
    "{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
    "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller  Driver
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.051
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
    "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
    "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
    "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
    "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91DE5A42-8D5E-42EB-BA32-A80682FA94D7}" = Samsung Support Center
    "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
    "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
    "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
    "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
    "{D8167CA8-236B-4334-B77D-F388F494EE18}" = SpyHunter
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
    "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
    "{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{F8EC41B8-8C54-4C56-AFBD-30EFF1EE2DF6}" = Förderplaner V2
    "{FE6E1AF6-6B88-44FE-8101-84AE6A52B393}" = Windows Live Movie Maker-Betaversion
    "ABC Amber Text Converter" = ABC Amber Text Converter
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
    "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "dm-Fotowelt" = dm-Fotowelt
    "ElsterFormular für Privatanwender 12.2.1.6570p" = ElsterFormular-Upgrade
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "IsoBuster_is1" = IsoBuster 2.8.5
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
    "Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 5.1" = Canon MP Navigator EX 5.1
    "Picasa 3" = Picasa 3
    "Samsung CLP-310 Series" = Samsung CLP-310 Series
    "Samsung ML-1510_700 Series" = Samsung ML-1510_700 Series
    "Samsung ML-191x 252x Series" = Wartung Samsung ML-191x 252x Series
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TelevisionFanaticbar Uninstall" = TelevisionFanatic Toolbar
    "TIPP10_is1" = TIPP10 Version 2.1.0
    "Tobit Radio.fx Server 16" = hr2 RadioRecorder
    "Tobit Radio.fx Server 4" = SWR RadioRecorder
    "Veetle TV" = Veetle TV 0.9.17
    "vShare.tv plugin" = vShare.tv plugin 1.3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.55
     
    ========== HKEY_USERS Uninstall List ==========
     
    [HKEY_USERS\S-1-5-21-1675562717-242507097-1823633445-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 4/21/2013 1:36:59 PM | Computer Name = kischdle | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 50497
     
    Error - 4/22/2013 12:51:06 AM | Computer Name = kischdle | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue
     
    Error - 4/22/2013 8:33:03 AM | Computer Name = kischdle | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second
     
    Error - 4/22/2013 8:33:03 AM | Computer Name = kischdle | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1398581
     
    Error - 4/22/2013 8:33:03 AM | Computer Name = kischdle | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1398581
     
    Error - 4/22/2013 9:11:33 AM | Computer Name = kischdle | Source = SideBySide | ID = 16842785
    Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
     Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 
    "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
     konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
     "sxstrace.exe".
     
    Error - 4/22/2013 9:12:59 AM | Computer Name = kischdle | Source = SideBySide | ID = 16842785
    Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
    Die
     abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
     konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
     "sxstrace.exe".
     
    Error - 4/22/2013 9:14:44 AM | Computer Name = kischdle | Source = SideBySide | ID = 16842785
    Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Canon\mp
     navigator ex 5.1\mpnmlif64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
     konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
     "sxstrace.exe".
     
    Error - 4/23/2013 11:33:36 AM | Computer Name = kischdle | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
     Zeitstempel: 0x51650aee  Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847,
     Zeitstempel: 0x51650a09  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000b10e8  ID des fehlerhaften
     Prozesses: 0x17d8  Startzeit der fehlerhaften Anwendung: 0x01ce401ac98599fa  Pfad der
     fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
     Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung: 29bca60f-ac2b-11e2-8775-001377bff629
     
    Error - 4/23/2013 2:32:38 PM | Computer Name = kischdle | Source = VSS | ID = 8194
    Description = 
     
    Error - 4/23/2013 3:11:21 PM | Computer Name = kischdle | Source = VSS | ID = 8194
    Description = 
     
    [ OSession Events ]
    Error - 1/14/2010 4:32:18 PM | Computer Name = kischdle | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
     12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 79
     seconds with 0 seconds of active time.  This session ended with a crash.
     
    [ Spybot - Search and Destroy Events ]
    Error - 4/23/2013 2:31:27 PM | Computer Name = kischdle | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions
     
    Error - 4/23/2013 2:33:47 PM | Computer Name = kischdle | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions
     
    Error - 4/23/2013 2:57:16 PM | Computer Name = kischdle | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions
     
    Error - 4/23/2013 3:11:46 PM | Computer Name = kischdle | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions
     
    [ System Events ]
    Error - 4/20/2013 5:11:37 AM | Computer Name = kischdle | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
       %%20
     
    Error - 4/20/2013 5:11:43 AM | Computer Name = kischdle | Source = Service Control Manager | ID = 7026
    Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
       cdrom  tcpipBM
     
    Error - 4/21/2013 4:29:49 AM | Computer Name = kischdle | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
       %%20
     
    Error - 4/21/2013 4:29:55 AM | Computer Name = kischdle | Source = Service Control Manager | ID = 7026
    Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
       cdrom  tcpipBM
     
    Error - 4/21/2013 4:33:43 AM | Computer Name = kischdle | Source = Disk | ID = 262159
    Description = Das Gerät \Device\Harddisk0\DR0 ist für den Zugriff noch nicht bereit.
     
    Error - 4/21/2013 4:33:43 AM | Computer Name = kischdle | Source = Microsoft-Windows-Kernel-General | ID = 6
    Description = 
     
    Error - 4/22/2013 12:51:02 AM | Computer Name = kischdle | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
       %%20
     
    Error - 4/22/2013 12:51:06 AM | Computer Name = kischdle | Source = Service Control Manager | ID = 7026
    Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
       cdrom  tcpipBM
     
    Error - 4/22/2013 12:51:54 AM | Computer Name = kischdle | Source = Service Control Manager | ID = 7023
    Description = Der Dienst "iPod-Dienst" wurde mit folgendem Fehler beendet:   %%-2147417831
     
    Error - 4/22/2013 12:52:35 AM | Computer Name = kischdle | Source = DCOM | ID = 10010
    Description = 
     
     
    < End of report >

    Tania
    Edited by Speedy (25.04.2013 at 04:59)

  4. #4
    Moderator (global) Team member Speedy
    Registered since
    07.08.2004
    Location
    Linz
    Posts
    23.586

    Re: spyHunter4

    OK, uninstall the Ask Toolbar, Yontoo, SpyHunter and Spybot S&D.

    Back up your personal data.
    1) Preparation
    • Go to the bleepingcomputer page and read the German description of the tool carefully.
    • Now download the ComboFix tool to your desktop using the links on the bleepingcomputer page.
    • Disconnect the computer from the network.

    Open Notepad and type in (or copy) the following word, including the :: characters:
    KILLALL::
    Save this as CFScript.txt (that is, just the one word) in the same location (desktop) where combofix.exe is.
    2) Run


    Referring to the picture above, drag the CFScript onto combofix.exe. When CF has finished, it will create a log file at C:\ComboFix.txt; post its contents.

    Please also post the log file C:\Qoobox\Add-Remove Programs.txt
    Edited by Speedy (25.04.2013 at 05:20)
    Regards
    www.Speedyweb.at.tf
    Following my tips is at your own risk!
    HijackThis (downloads and guides, e.g. what fixing means, etc.)
    HijackThis chat, or do you want to join in here? Job posting
    Help with system cleaning only via the public forum and under no circumstances via private messages or email!!

  5. #5
    Beginner
    Registered since
    23.04.2013
    Posts
    12

    Re: spyHunter4

    Code:
    ComboFix 13-04-25.01 - fraxmann 25.04.2013  20:50:25.1.2 - x86
    Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.2038.1188 [GMT 2:00]
    ausgeführt von:: c:\users\fraxmann\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Neuer Wiederherstellungspunkt wurde erstellt
    .
    .
    ((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\FullRemove.exe
    c:\windows\system32\muzapp.exe
    c:\windows\wininit.ini
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_TelevisionFanaticService
    .
    .
    (((((((((((((((((((((((   Dateien erstellt von 2013-03-25 bis 2013-04-25  ))))))))))))))))))))))))))))))
    .
    .
    2013-04-24 17:40 . 2013-04-24 17:40	--------	d-----w-	c:\program files\download
    2013-04-24 17:37 . 2013-04-24 17:37	--------	d-----w-	c:\program files\Neuer Ordner
    2013-04-24 08:18 . 2013-04-12 13:45	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
    2013-04-23 17:03 . 2013-04-23 17:03	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CE826D0-3446-43FB-9924-549F0F82FE70}\offreg.dll
    2013-04-23 15:32 . 2013-04-23 18:30	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
    2013-04-23 15:31 . 2013-04-25 17:57	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
    2013-04-23 13:27 . 2013-04-23 13:27	--------	d-----w-	c:\users\fraxmann\AppData\Local\Programs
    2013-04-23 13:10 . 2013-04-23 13:10	--------	d-----w-	c:\windows\D8167CA8236B4334B77DF388F494EE18.TMP
    2013-04-23 12:18 . 2013-04-10 03:08	6906960	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CE826D0-3446-43FB-9924-549F0F82FE70}\mpengine.dll
    2013-04-22 20:55 . 2013-04-22 20:55	110080	----a-r-	c:\users\fraxmann\AppData\Roaming\Microsoft\Installer\{D8167CA8-236B-4334-B77D-F388F494EE18}\IconF7A21AF7.exe
    2013-04-22 20:55 . 2013-04-22 20:55	110080	----a-r-	c:\users\fraxmann\AppData\Roaming\Microsoft\Installer\{D8167CA8-236B-4334-B77D-F388F494EE18}\IconD7F16134.exe
    2013-04-22 20:55 . 2013-04-22 20:55	110080	----a-r-	c:\users\fraxmann\AppData\Roaming\Microsoft\Installer\{D8167CA8-236B-4334-B77D-F388F494EE18}\IconCF33A0CE.exe
    2013-04-22 20:55 . 2013-04-22 20:56	--------	d-----w-	C:\sh4ldr
    2013-04-22 20:55 . 2013-04-22 20:55	--------	d-----w-	c:\program files\Enigma Software Group
    2013-04-22 20:54 . 2013-04-22 20:54	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
    2013-04-14 17:03 . 2013-04-14 17:03	26520	----a-w-	c:\program files\Mozilla Firefox\plugin-hang-ui.exe
    2013-04-10 13:16 . 2013-03-01 03:09	2347008	----a-w-	c:\windows\system32\win32k.sys
    2013-04-10 13:15 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
    2013-04-10 13:15 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
    2013-04-10 13:15 . 2013-03-19 04:48	38912	----a-w-	c:\windows\system32\csrsrv.dll
    2013-04-10 13:15 . 2013-03-19 02:49	69632	----a-w-	c:\windows\system32\smss.exe
    2013-04-10 13:15 . 2013-02-15 04:37	3217408	----a-w-	c:\windows\system32\mstscax.dll
    2013-04-10 13:15 . 2013-02-15 04:34	131584	----a-w-	c:\windows\system32\aaclient.dll
    2013-04-10 13:15 . 2013-02-15 03:25	36864	----a-w-	c:\windows\system32\tsgqec.dll
    2013-04-06 11:37 . 2013-04-11 05:07	--------	d-----w-	c:\program files\Mozilla Thunderbird
    2013-04-02 19:01 . 2013-04-02 19:24	--------	d-----w-	c:\program files\Iminent
    2013-04-02 19:00 . 2013-04-25 19:29	--------	d-----w-	c:\users\fraxmann\AppData\Roaming\Yontoo
    2013-04-02 19:00 . 2013-04-02 19:00	--------	d-----w-	c:\programdata\Tarma Installer
    2013-04-02 19:00 . 2013-04-02 19:20	--------	d-----w-	c:\program files\ATDheNetTVApp.com
    2013-04-02 14:09 . 2013-04-02 14:09	4550656	----a-w-	c:\windows\system32\GPhotos.scr
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-04-02 19:07 . 2012-03-31 18:08	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
    2013-04-02 19:07 . 2011-06-12 17:55	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-03-11 23:10 . 2010-01-19 18:07	237088	------w-	c:\windows\system32\MpSigStub.exe
    2013-02-12 03:32 . 2013-03-25 22:50	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
    2013-04-14 17:03 . 2013-03-08 06:21	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-01-24 1521800]
    "{0696f815-a3a9-490a-bb14-9ec3350b1276}"= "c:\program files\TelevisionFanatic\bar\1.bin\64SrcAs.dll" [2012-02-18 62864]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{0696f815-a3a9-490a-bb14-9ec3350b1276}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{5d79f641-c168-40df-a32f-bacea7509e75}]
    2012-02-18 15:58	62864	----a-w-	c:\program files\TelevisionFanatic\bar\1.bin\64SrcAs.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}]
    2011-06-01 15:47	177712	----a-w-	c:\program files\vShare.tv plugin\BarLcher.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{cb41fc95-f1b3-4797-8bb6-1012ff62abba}]
    2012-02-18 15:58	693648	----a-w-	c:\progra~1\TELEVI~2\bar\1.bin\64bar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2013-01-24 12:18	1521800	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-01-24 1521800]
    "{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"= "c:\program files\vShare.tv plugin\BarLcher.dll" [2011-06-01 177712]
    "{c98d5b61-b0ea-4d48-9839-1079d352d880}"= "c:\program files\TelevisionFanatic\bar\1.bin\64bar.dll" [2012-02-18 693648]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{7ac3e13b-3bca-4158-b330-f66dbb03c1b5}]
    [HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1]
    [HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}]
    [HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher]
    .
    [HKEY_CLASSES_ROOT\clsid\{c98d5b61-b0ea-4d48-9839-1079d352d880}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-01-24 1521800]
    "{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"= "c:\program files\vShare.tv plugin\BarLcher.dll" [2011-06-01 177712]
    "{C98D5B61-B0EA-4D48-9839-1079D352D880}"= "c:\program files\TelevisionFanatic\bar\1.bin\64bar.dll" [2012-02-18 693648]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{7ac3e13b-3bca-4158-b330-f66dbb03c1b5}]
    [HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1]
    [HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}]
    [HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher]
    .
    [HKEY_CLASSES_ROOT\clsid\{c98d5b61-b0ea-4d48-9839-1079d352d880}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-27 39408]
    "KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-11-12 968120]
    "KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2012-11-01 577536]
    "Yontoo Desktop"="c:\users\fraxmann\AppData\Roaming\Yontoo\YontooDesktop.exe" [2013-03-23 42784]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-21 7625248]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-12-09 606208]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-04 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-04 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-04 150552]
    "MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-11 2403840]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-09-27 439440]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-11-12 309688]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-01-24 1646216]
    .
    c:\users\fraxmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    OpenOffice.org 3.4.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-4-19 1199104]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
    .
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files\Yontoo\Y2Desktop.Updater.exe [x]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
    R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
    S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [x]
    S2 Radio.fx;Radio.fx Server;d:\tobit radio.fx\Server\rfx-server.exe [x]
    S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [x]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
    S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]
    S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    .
    .
    --- Andere Dienste/Treiber im Speicher ---
    .
    *Deregistered* - BMLoad
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
    .
    Inhalt des "geplante Tasks" Ordners
    .
    2013-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:07]
    .
    2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 17:32]
    .
    2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 17:32]
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uStart Page = about:blank
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://startsear.ch/?aff=1
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: bmnet.dll
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\fraxmann\AppData\Roaming\Mozilla\Firefox\Profiles\pq55x1t5.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1703539&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
    FF - ExtSQL: 2013-04-02 21:00; freehdsport@freehdsport.tv; c:\users\fraxmann\AppData\Roaming\Mozilla\Firefox\Profiles\pq55x1t5.default\extensions\freehdsport@freehdsport.tv.xpi
    FF - user.js: yahoo.homepage.dontask - true);user_pref(extentions.y2layers.installId, 73fdc0c7-1e22-4a1a-8a11-8253e2f6bc94
    FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -
    .
    URLSearchHooks-{134b012b-132d-4516-a786-2395828640b5} - (no file)
    BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Yontoo\YontooIEClient.dll
    Toolbar-Locked - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
    AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
    .
    .
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- Durch laufende Prozesse gestartete DLLs ---------------------
    .
    - - - - - - - > 'lsass.exe'(536)
    c:\windows\system32\bmnet.dll
    .
    ------------------------ Weitere laufende Prozesse ------------------------
    .
    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    c:\program files\Samsung\Samsung Support Center\SSCKbdHk.exe
    c:\program files\Enigma Software Group\SpyHunter\Spyhunter4.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Zeit der Fertigstellung: 2013-04-25  21:37:26 - PC wurde neu gestartet
    ComboFix-quarantined-files.txt  2013-04-25 19:37
    .
    Vor Suchlauf: 7.783.329.792 Bytes frei
    Nach Suchlauf: 7.775.850.496 Bytes frei
    .
    - - End Of File - - 9DE05E67FD4B55C5AC22CB3321BCB38E

  6. #6
    Beginner
    Registered since
    23.04.2013
    Posts
    12

    Re: spyHunter4

    That was really, really exciting!
    Tania

  7. #7
    Beginner
    Registered since
    23.04.2013
    Posts
    12

    Re: spyHunter4

    I thought I had deleted the Ask toolbar! But there is something about Ask in there! Is it still there after all? I can't see it!

  8. #8
    Moderator (global), team member Speedy
    Registered since
    07.08.2004
    Location
    Linz
    Posts
    23.586

    Re: spyHunter4

    Part of the instructions is still missing!
    Regards
    www.Speedyweb.at.tf
    You follow my tips at your own risk!
    HijackThis (downloads and guides, e.g. what fixing means, etc.)
    HijackThis chat, or do you want to join in here? Job posting
    Help with system cleanup is given only via the public forum and never via private messages or email!!

  9. #9
    Beginner
    Registered since
    23.04.2013
    Posts
    12

    Re: spyHunter4

    Yes, still very exciting!!

  10. #10
    Moderator (global), team member Speedy
    Registered since
    07.08.2004
    Location
    Linz
    Posts
    23.586

    Re: spyHunter4

    Good for you.

    The instructions started with:
    OK, uninstall the Ask toolbar, Yontoo, SpyHunter and Spybot S&D
    Were you able to uninstall everything here?
    This is still missing:
    Please also post the log file C:\Qoobox\Add-Remove Programs.txt
    Regards
