Pests of all kinds and how to fight them: Firefox automatically starts http://ad.adserverplus.com/ with an empty window (Windows 7)
10.11.2012, 17:03 | #1 |
Hello everyone,

hoping that as a newcomer I have not overlooked some rule, I would like to describe my problem: For a few days now, Firefox has been opening the much-cited window hxxp://ad.adserverplus.com/ at points that are hard to reproduce. The window is empty, however; a peculiarity that I did not really notice in this form in the other posts. Today I came across your (very clearly and understandably structured) website and worked through the following:

1. Started Malwarebytes ==> everything clean
2. Started Defogger ==> Within fractions of a second the message "Finished" appeared, so evidently everything is OK here too.
3. Ran OTL ==> the two logs follow below.

Since I have Windows 7 (64 bit), I have not done anything further, am inserting the two files and waiting for your reaction. Many thanks in advance!

Masin

OTL.txt:
Partition Type: NTFS Computer Name: HDS-NEU | User Name: Hans-Dieter | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - E:\Downloads\firefox\Trojaner-Board\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - E:\Downloads\windows\Desktop\dsksve8\DeskSave.exe () PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) PRC - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis) PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe () PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) PRC - 
C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe () PRC - C:\Program Files (x86)\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG) PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () PRC - C:\Program Files (x86)\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - E:\Downloads\windows\Desktop\dsksve8\DeskSave.exe () MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll () MOD - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll () MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGUI4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD 
External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe (G Data Software AG) SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (syncagentsrv) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis) SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG) SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G 
Data\GDScan\GDScan.exe (G Data Software AG) SRV - (AVKService) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (OS Selector) -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe () SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG) DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG) DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG) DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis) DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis) DRV:64bit: - (timounter) -- 
C:\Windows\SysNative\drivers\timntr.sys (Acronis) DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis) DRV:64bit: - (vidsflt67) -- C:\Windows\SysNative\drivers\vsflt67.sys (Acronis) DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis) DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\drivers\fltsrv.sys (Acronis) DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (NBVol) -- C:\Windows\SysNative\drivers\NBVol.sys (Nero AG) DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\drivers\NBVolUp.sys (Nero AG) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (FPCIBASE) -- C:\Windows\SysNative\drivers\fpcibase.sys (AVM Berlin) DRV:64bit: - (AVMCOWAN) -- C:\Windows\SysNative\drivers\avmcowan.sys (AVM GmbH) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (Null) -- C:\Windows\SysWow64\NULL () DRV - (PCDSRVC{1E208CE0-FB7451FF-06020200}_0) -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D1 E6 22 1C E7 BC CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d}:1.5.1.1 FF - prefs.js..extensions.enabledAddons: fb_add_on@avm.de:1.6.3 FF - prefs.js..extensions.enabledAddons: {BCC877E7-7F3F-4632-8338-DAEE4475DE35}:0.20 FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.2 FF - 
prefs.js..extensions.enabledAddons: maps@ovi.com:5.10.3.0 FF - prefs.js..extensions.enabledAddons: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11215.1124 FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5 FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=7878efc5-99c2-42ac-b1f9-c47325604a69&searchtype=ds&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.30 17:57:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.07 10:43:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\mail@shopping-preise.de [2012.11.06 14:18:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\firejump@firejump.net [2012.11.06 14:18:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\extension@preispilot.com FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.30 17:57:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.11 13:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Extensions [2012.10.11 13:26:41 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.11.07 17:04:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions [2012.10.08 17:38:41 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012.09.25 17:42:52 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2012.09.25 17:42:51 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com [2012.09.25 17:42:51 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\fb_add_on@avm.de [2012.11.06 14:18:32 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\firejump@firejump.net [2012.11.06 14:18:32 | 000,000,000 | ---D | M] (Shopping-preise.de) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\mail@shopping-preise.de [2012.10.18 14:35:29 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\maps@ovi.com [2012.11.07 17:04:18 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\extension@preispilot.com.xpi [2012.09.25 18:46:06 | 000,009,282 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\{BCC877E7-7F3F-4632-8338-DAEE4475DE35}.xpi [2012.07.26 07:33:30 | 000,741,958 | ---- | M] () (No name found) -- 
C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.30 16:28:53 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591 b_expire [2012.09.02 16:51:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\170f337942c410233f577de5778810a 6_expire [2012.09.09 07:48:52 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1bcf5a8f2429c4942ad539ef2c5df33 6_expire [2012.11.10 15:04:43 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d07965 8_expire [2012.11.10 15:04:45 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a0983927 5_expire [2012.08.12 13:25:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2e74403c227112bec523796d5a77d77 e_expire [2012.08.20 15:20:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b507b6d0186efd3615b9b9233c5f70 8_expire [2012.11.10 16:05:16 | 000,000,013 | ---- | M] () (No name found) -- 
C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e 9_expire [2012.08.23 12:06:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3d0187861633ce04b8c224f2475a283 7_expire [2012.08.29 13:10:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4ad053d40dfa5cab7948e9251df6e3d 9_expire [2012.11.06 17:05:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41 f_expire [2012.10.21 12:48:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5f4ce27504a73ff97d1936c597c769e 5_expire [2012.09.04 19:07:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\61e2ae11ba3d1cbe8887ea80f192e29 9_expire [2012.11.10 16:09:55 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528c d_expire [2012.09.05 06:43:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ccfda3ab1ab5bbc5d7af38840ba022 b_expire [2012.11.10 16:05:16 | 000,000,013 | ---- | M] () (No name found) -- 
C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db 7_expire [2012.08.20 07:06:52 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\9803c283e94e743374151c4bbe60a5d f_expire [2012.11.10 16:05:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a 6_expire [2012.11.10 15:04:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14d c_expire [2012.09.20 13:18:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a74277a9a3c0203a3093f810f43fbc1 1_expire [2012.08.27 14:03:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\b5bc7084382de95cb69790e5d10db33 8_expire [2012.11.10 15:04:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba388057 9_expire [2012.10.31 16:32:39 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c6d8337e4b016a68fdbb60b29e7d254 d_expire [2012.08.20 07:06:52 | 000,000,013 | ---- | M] () (No name found) -- 
C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52 b_expire [2012.08.13 09:31:54 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d2458fd784f4eb7cff549c598cd1465 1_expire [2012.08.26 14:33:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d83bb387de1d7c4401815e133de06c6 b_expire [2012.08.28 10:26:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f 6_expire [2012.10.31 16:32:39 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\df4525cd4117d8ae1c7453b13975924 2_expire [2012.09.20 13:18:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e02b35320e5111f1b626466c13c70a0 a_expire [2012.08.25 15:29:22 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e7215b147326809c45f6cf095227462 4_expire [2012.11.10 15:04:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e72174145ae7671ff95578a2089c26b 2_expire [2012.11.10 15:04:44 | 000,000,013 | ---- | M] () (No name found) -- 
C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e426427 1_expire [2012.11.10 15:04:45 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece5f266221b5245c6e3d7e27ddee96 3_expire [2012.10.21 12:48:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece71b71690fad200cbed95871ef4bb 2_expire [2012.11.10 15:04:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300 d_expire [2012.11.06 17:05:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6 b_expire [2012.11.06 17:05:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6 f_expire [2012.07.25 07:44:14 | 000,000,003 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\maps@ovi.com\plugins\package.XPI [2012.09.23 00:45:10 | 000,002,401 | ---- | M] () -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\searchplugins\Web Search.xml [2012.08.27 10:13:16 | 000,001,348 | ---- | M] () -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\searchplugins\wikipdia-fr.xml [2012.10.31 09:39:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files 
(x86)\Mozilla Firefox\extensions [2012.10.30 17:57:12 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2012.10.30 17:57:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.30 17:57:17 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll CHR - plugin: Chrome Remote Desktop Viewer 
(Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Hans-Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Hans-Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Hans-Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL 
(Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun File not found O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [dradio-RecorderTimer] C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe () O4 - HKCU..\Run: [Microsoft Location Finder] C:\Program Files (x86)\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation) O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} hxxp://bmontessori12.dyndns.org:1119/VatDec.cab (VatCtrl Class) O16 - DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} hxxp://bmontessori12.dyndns.org:1120/RtspVaPgDec.cab (RtspVaPgCtrlNew Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C8BD92B-6F2C-4827-852A-084480244670}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe 
(Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.11.10 15:28:29 | 000,000,000 | ---D | M] - E:\Autos -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.10 09:34:16 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\Malwarebytes [2012.11.10 09:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.10 09:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.10 09:34:03 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.10 09:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.09 09:07:40 | 004,918,219 | ---- | C] (Phil Harvey) -- C:\Windows\exiftool.exe [2012.11.06 14:29:30 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\eXPert PDF Editor 
[2012.11.06 14:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visage [2012.11.06 14:28:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Visagesoft [2012.11.06 14:18:58 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\CAD-KAS [2012.11.06 14:18:51 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Editor 3.3 [2012.11.06 14:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Editor 3.3 [2012.11.06 14:18:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Editor 3 [2012.11.06 14:18:32 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll [2012.11.06 14:18:32 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\DesktopIconForAmazon [2012.10.31 12:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2012.10.31 10:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.10.31 10:05:41 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX [2012.10.31 10:05:41 | 000,100,864 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.10.31 10:05:40 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL [2012.10.31 10:05:40 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL [2012.10.31 10:05:40 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL [2012.10.31 10:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012.10.31 10:05:02 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Local\Programs [2012.10.30 17:57:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.21 13:53:27 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\PC-FAX TX [2012.10.18 16:16:36 | 000,000,000 | ---D | C] -- 
C:\Users\Hans-Dieter\AppData\Local\Apple Computer [2012.10.18 16:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.10.18 16:16:26 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2012.10.18 16:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.10.18 16:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.10.18 16:15:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.10.18 16:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012.10.18 16:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012.10.18 16:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.10.18 16:14:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012.10.17 10:04:09 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Local\kiwi.software.NET [2012.10.17 10:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\kiwi.software.NET [2012.10.17 10:03:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kiwi.software.NET [2012.10.14 14:43:49 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\TeamViewer ========== Files - Modified Within 30 Days ========== [2012.11.10 16:11:09 | 000,000,000 | ---- | M] () -- C:\Users\Hans-Dieter\defogger_reenable [2012.11.10 16:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.10 15:29:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.10 13:45:50 | 000,864,265 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2012.11.10 13:45:50 | 000,046,106 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2012.11.10 13:29:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.10 09:34:04 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.10 07:49:03 
| 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.10 07:49:03 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.10 07:41:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.10 07:41:35 | 504,717,311 | -HS- | M] () -- C:\hiberfil.sys [2012.11.09 08:50:34 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.09 08:50:34 | 000,655,802 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.09 08:50:34 | 000,616,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.09 08:50:34 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.09 08:50:34 | 000,106,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.08 18:30:55 | 000,002,374 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.11.08 18:24:21 | 004,918,219 | ---- | M] (Phil Harvey) -- C:\Windows\exiftool.exe [2012.11.08 12:49:35 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.11.08 12:49:35 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.11.06 14:28:25 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\eXPert PDF Editor.lnk [2012.11.06 14:18:51 | 000,087,704 | ---- | M] () -- C:\Windows\cadkasdeinst01.exe [2012.11.06 14:18:51 | 000,000,990 | ---- | M] () -- C:\Users\Hans-Dieter\Desktop\PDF Editor 3.3.lnk [2012.11.06 14:18:32 | 000,001,478 | ---- | M] () -- C:\Users\Hans-Dieter\Desktop\Amazon.lnk [2012.11.05 14:54:44 | 000,011,264 | ---- | M] () -- C:\Users\Hans-Dieter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.04 19:32:24 | 000,000,262 | ---- | M] () -- C:\Users\Hans-Dieter\Desktop\Run.lnk [2012.10.31 12:42:13 | 000,427,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.31 10:05:45 
| 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.10.31 10:05:45 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.10.21 13:54:13 | 000,000,414 | ---- | M] () -- C:\Windows\Brpfx04a.ini [2012.10.21 13:54:13 | 000,000,000 | ---- | M] () -- C:\Windows\brdfxspd.dat [2012.10.21 13:53:27 | 000,000,166 | ---- | M] () -- C:\Windows\brpcfx.ini [2012.10.18 16:16:30 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.10.12 07:34:54 | 000,100,864 | ---- | M] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll ========== Files Created - No Company Name ========== [2012.11.10 16:11:09 | 000,000,000 | ---- | C] () -- C:\Users\Hans-Dieter\defogger_reenable [2012.11.10 09:34:04 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.06 14:28:25 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\eXPert PDF Editor.lnk [2012.11.06 14:18:51 | 000,087,704 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2012.11.06 14:18:51 | 000,000,990 | ---- | C] () -- C:\Users\Hans-Dieter\Desktop\PDF Editor 3.3.lnk [2012.11.06 14:18:32 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.11.06 14:18:32 | 000,001,478 | ---- | C] () -- C:\Users\Hans-Dieter\Desktop\Amazon.lnk [2012.11.04 19:32:24 | 000,000,262 | ---- | C] () -- C:\Users\Hans-Dieter\Desktop\Run.lnk [2012.10.31 10:05:45 | 000,001,160 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.10.31 10:05:45 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.10.18 16:16:30 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.09.27 16:25:58 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.09.27 12:45:11 | 000,011,264 | ---- | C] () -- C:\Users\Hans-Dieter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.26 13:45:48 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012.09.26 09:04:37 | 000,000,414 | 
---- | C] () -- C:\Windows\Brpfx04a.ini [2012.09.26 09:04:37 | 000,000,166 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.09.26 09:04:31 | 000,003,303 | ---- | C] () -- C:\Windows\BRPARAM.INI [2012.09.26 09:03:43 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2012.09.26 09:03:43 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.09.26 09:03:42 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2012.09.26 09:03:41 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2012.09.26 06:20:08 | 000,864,265 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2012.09.25 16:59:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.27 10:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll [2011.09.27 10:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll [2011.09.27 10:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Extras.txt: OTL Extras logfile created on: 10.11.2012 16:16:56 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = E:\Downloads\firefox\Trojaner-Board 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,96 Gb Total Physical Memory | 3,80 Gb Available Physical Memory | 63,75% Memory free 11,92 Gb Paging File | 9,36 Gb Available in Paging File | 78,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 205,97 Gb Total Space | 127,29 Gb Free Space | 61,80% Space Free | Partition Type: NTFS Drive D: | 425,58 Gb Total Space | 261,32 Gb Free Space | 61,40% Space Free | Partition Type: NTFS Drive E: | 554,98 Gb Total Space | 382,46 Gb Free Space | 68,91% Space Free | Partition Type: NTFS Drive I: | 662,53 Gb Total Space | 368,80 Gb Free Space | 55,67% Space Free | Partition Type: NTFS Computer Name: HDS-NEU | User Name: Hans-Dieter | Logged in as 
Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) 
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{038E0D54-5D80-4FD1-85C5-4EAAA6043A13}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{087E198D-6FB9-4261-AFD2-AF3172436139}" = lport=445 | protocol=6 | dir=in | app=system | "{0B96597E-7647-459E-9FB2-EBFC9B85D36D}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{12089A0F-68DC-41B3-BECA-2AD713C3E03A}" = lport=2869 | protocol=6 | dir=in | app=system | "{23027D3F-0276-4229-8894-88B72C9F41A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{23718321-819D-4F88-88B7-EA3172D2B078}" = rport=1900 | protocol=17 | dir=out | 
svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{255749EC-11E8-4394-881A-20977369406F}" = rport=10243 | protocol=6 | dir=out | app=system | "{262EFCB3-6259-4488-AEDB-1D9982DFCCA1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3128D013-35B2-4FE0-AC8D-E05401904EF1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{412B00D3-D5BC-4023-8705-9D036CB5DF1E}" = rport=139 | protocol=6 | dir=out | app=system | "{4EA17CFD-7BB5-421C-BAA7-B5DF7051C591}" = lport=10243 | protocol=6 | dir=in | app=system | "{53F7B566-F8B2-423C-AED5-55CAC93E88B4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{58CF0ADB-6854-4606-B001-47D33F804318}" = lport=138 | protocol=17 | dir=in | app=system | "{61726A0A-D47E-44AA-A63F-A67488972CAF}" = rport=138 | protocol=17 | dir=out | app=system | "{64875DDC-0D3C-43C5-AAC8-1F1A3C5D696E}" = lport=139 | protocol=6 | dir=in | app=system | "{75F44617-C842-4B7F-AB38-02453570D20A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7EDEB10C-74D0-4A90-AB37-2EBC95355756}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8A34C33A-612E-4B45-A1BD-1623BF5F5284}" = lport=137 | protocol=17 | dir=in | app=system | "{8F344123-D5FE-4E1B-AD34-164C62D6B8E8}" = rport=137 | protocol=17 | dir=out | app=system | "{A787D977-8B10-4FE9-A607-02DAA0450887}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | "{B1676717-AF3A-454E-85F2-F6EE9A657DBC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D45C62B6-BD54-4677-A772-B4314EE52B75}" = rport=445 | protocol=6 | dir=out | app=system | "{DF93BBA0-BB0F-4421-B318-2AFA5ED4C9E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E2E9E90D-B353-438F-899F-11B84C35968C}" = lport=6004 | protocol=17 | dir=in | 
app=c:\program files\microsoft office\office14\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01B7D1AC-8C13-457A-B4D1-E74278444A1B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{030B055A-C9AF-4DC8-A2F7-FAB83FEBD363}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{098826DF-E77B-46D0-95F1-23BB980DC7BC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1107790B-09BC-4FEF-9085-CE08A7E31A2C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | "{114DE25C-8ED3-45E1-AEBC-B87134404738}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{1271F7EF-83C5-44ED-AB20-B469162F3214}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{151B2E39-61EE-452C-9DDF-F7164298C918}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2563B735-D981-4E0E-8645-20D504123337}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2E78D05F-8C5A-4EA8-A95B-6157FB0B6884}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{36077467-876E-4135-8F8E-155A319B79DD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3B43F95A-68AD-4910-8448-148896582F27}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3E3D729F-4EBF-4CCF-B47E-3895D81B22C5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{450341DE-7232-49CF-BCD4-A10517834300}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{491318E3-88B2-4628-9FC0-508199A17A7F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{57CCFC88-A31F-48CE-B830-24A428FC21FC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{60F1BF04-1539-48B7-8B4D-A887F15B2D81}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{6BFD7A66-4AA6-46F8-86F7-0AD9972D6DEB}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl11a\faxrx.exe | "{6D24ECB9-8B5B-4C07-A8E7-7C4A2FC1EE4C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{6F090AE0-A5AE-4AA8-A0AB-294DF2BEDDB6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{799FB540-CDBF-4B2E-B91F-BDD9CF9DA1AA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | "{7D2A0EF3-A143-47F2-997E-9AF9CE36647E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7EF42D75-4690-49ED-8778-C70CEB6C97F6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{7F6B7F4E-8534-4457-83D5-D1FB59766BDA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{80583741-9F14-4A3E-BC1B-4C48EDB91308}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{80EA029A-A0DE-4B82-ADFF-DF8F5D085F43}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{83ED9674-C469-4366-BD17-AABFE8986B4E}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | "{8C260E84-A6A7-4693-A04C-2547DDF138B6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | "{92DE0665-E992-45DB-87F2-328595B9C475}" = protocol=6 | dir=out | app=system | "{96F21FDD-6042-4B19-942F-183D62AEEB7C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{99653404-4753-40B4-8393-39F0565CB7BA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | "{9E00067E-D0AE-4C02-B7C3-766C51F3ED10}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{A1D7AAD2-99B7-41D1-A99F-7831F9B3B998}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AA074DF3-1F5B-4586-9ED9-582720BD36BC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{AA3D6FA3-CE15-46C2-8DA4-29834DAD7A44}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | "{AAB120A3-93B3-4F6B-8DDF-1A00B9783D7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AD2F087E-8B78-4C55-A961-1E6EAC38933B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{B5CCEFEE-E0AA-41AA-AB21-444E3334196D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B604BB09-B407-44E3-9199-73E9055C5EBD}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl11a\faxrx.exe | "{B757A6E9-6325-4DA8-BD87-E32FD382F324}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{C5E36D19-9318-43F4-AAAC-3BAC16712458}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E18D1F1C-4498-4BE5-960E-111AE3FD0FF4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E614AA49-CA55-4A25-B466-929246581903}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | "{E9383476-AE82-45F8-A370-64AE070ED693}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | "{EDF6E06F-62F8-4CC9-8AF4-8A1259E53474}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{F2C70E78-DD31-4CC1-AFDF-13A7F34BB997}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FDDB76EA-271D-4CF5-B4CA-131FDFB59999}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01DA217A-DB5F-B568-6932-42407D209516}" = ccc-utility64 "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1CE06D2F-BA28-05FE-9E14-E2BB013E1AE3}" = ATI AVIVO64 Codecs "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64 "{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{727B5F1A-C702-E5AA-11BB-7A74A775F19D}" = ATI Catalyst Install Manager "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64 "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-1000-0000000FF1CE}" 
= Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}_Office14.SingleImage_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-1000-0000000FF1CE}_Office14.SingleImage_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}_Office14.SingleImage_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service 
Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 "{90140000-0043-0407-1000-0000000FF1CE}_Office14.SingleImage_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-1000-0000000FF1CE}_Office14.SingleImage_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers "{D6E46FC2-B513-4B7D-8C8C-352F4735C541}" = Broadcom NetXtreme-I Netlink Driver and Management Installer "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5) "62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) "DesktopIconAmazon" = Desktop Icon für Amazon "EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Visual Studio 2010 
Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Office14.SingleImage" = Microsoft Office Home and Student 2010 "PC-Doctor for Windows" = Dell Support Center "sp6" = Logitech SetPoint 6.32 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{0320AB41-0926-4218-A8A6-68AC84E6BB93}" = Nero Recode 11 "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054A5F46-6DCE-4D09-8BC0-170428A4ED56}" = Acronis*True*Image*Home 2012 "{054A5F46-6DCE-4D09-8BC0-170428A4ED56}Visible" = Acronis*True*Image*Home 2012 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11 "{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}" = Visual Studio C++ 9.0 Runtime "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0BAF04C4-9D21-2761-95A6-DE2DA9861323}" = CCC Help Spanish "{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11 "{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{1C1473A1-1A26-4C8F-9548-A52D03066CE7}" = Catalyst Control Center - Branding "{1D04B4D4-80C2-4F02-B5BE-3A5991FF6077}" = MetaEditor "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite "{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card 
Reader "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs "{24D3ACAC-E441-AF66-94CF-0C021A4EFBD8}" = Catalyst Control Center Localization All "{265245FC-4ECC-C35A-F2A9-3E915BFB2F6F}" = Catalyst Control Center Graphics Previews Common "{268679E8-7198-F2E6-5A71-F3D4C9A0C2FB}" = CCC Help Italian "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder "{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = shopping-preise.de AddOn Firefox "{2C41394E-E15B-47DC-B33C-54D33EA85B68}" = Lexware online banking "{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{38B2B0F6-0C7F-ECE6-9A61-C546658508F4}" = ccc-core-static "{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM) "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1 "{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4261174B-FCD7-CD19-E81C-24262EB5AF42}" = CCC Help Greek "{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1 "{4623BAA6-0B23-4D47-ABD0-73F2DA4FAF56}" = capella 7 "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C352349-421A-7E87-C7BD-DF27162B12CA}" = Catalyst Control Center Graphics Previews Vista "{51865D9D-8F63-46F2-87AB-9E72F93B618C}" = Welcome App (Start-up experience) "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) "{55C2143E-FBA5-442F-9AFA-726FF068F39D}" 
= Nero CoverDesigner 11 Help (CHM) "{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM) "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{5CCF2E33-181B-BD49-57AE-B513D37C6909}" = CCC Help English "{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3 "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{649483EB-B464-1EE2-04E4-4BEC79B510D4}" = CCC Help German "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{6A646891-7B53-C462-0B71-401E519D198C}" = Catalyst Control Center InstallProxy "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM) "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution "{75F36A60-9969-C24F-5EB1-6DBC03F15196}" = CCC Help Russian "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79B3E8EE-35F2-4CCD-82D9-4A57F408E449}" = Nero 11 Platinum "{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2 "{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11 "{8015502B-6160-4C2C-9F40-8F90C651FC76}" = TAXMAN 2012 spezial "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{86107E2D-DFB9-46BC-99ED-07EACAEE0923}" = G Data InternetSecurity 2013 "{887D48C8-DA00-232B-3CB6-0FB086AD6FBB}" = CCC Help Chinese Standard "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CF2328D-A3D1-B08C-E868-68CDA4025E1D}" = CCC Help Polish "{8EFB7927-48AD-4E6D-91B7-6B2BD6C3F380}" = Acronis*Disk*Director*11*Home "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90140000-1146-0000-0000-0000000FF1CE}" = Microsoft Office 2010 Primary Interop Assemblies "{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME 
"{915284CD-1A88-82B0-7ED8-08BCF1B8509A}" = CCC Help Norwegian "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DC1A9BA-070A-455F-8AC3-62587524ADFB}" = Quicken 2011 - ServicePack 4 "{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1 "{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}" = Brother MFL-Pro Suite MFC-J625DW "{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples "{A37A1678-0971-4EF6-9609-1F2E67A738FC}" = eXPert PDF Editor "{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2 "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{A907A713-DA24-4352-8786-96C7A6944646}" = Quicken DELUXE Jubiläumsversion "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A984E262-1C7B-440E-BBBE-4A3FFCB9229C}" = Plus Pack für Acronis True Image Home 2012 "{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11 "{ABEE1201-0FEA-E62F-6CB9-5D54BEB5E4AA}" = CCC Help Dutch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4 "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0 "{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11 "{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1 "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B82EC7CD-5FB1-32A5-444A-8F896B734CC7}" = CCC Help Korean "{B89E66E6-659A-9078-2BDF-14E8C11928AA}" = CCC Help Chinese Traditional 
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3 "{BAF6A826-DF92-8954-98F1-2CC67C6B419E}" = CCC Help Portuguese "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD1F6F85-E64B-4801-A513-F18095577AEB}_is1" = E-Postbrief Add-In für Microsoft Word Version 1.17 "{BD6A872A-A0AE-36FC-9284-6E3595FB39ED}" = CCC Help Danish "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C626B47C-8312-4D8C-89E1-16FE42EF34E6}" = Lotus Notes 6.5.1 de "{C9461813-98BB-5823-FFAB-11FBD1B124DF}" = CCC Help Japanese "{CB10C32F-807C-46E4-940C-E7820653B480}" = DDBAC "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D1AE1C98-646A-DC21-076A-0FD5957FCAD2}" = CCC Help Czech "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM) "{D4A97EBC-ABA6-9F3A-1EE0-D5B6C36FDFB5}" = CCC Help Finnish "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump "{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11 "{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken 2011 "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic "{E5AF275B-D4B1-EE5E-27BD-844C491B86CA}" = CCC Help Swedish "{E5FCC675-C479-3CAB-0B9E-CC1838417049}" = CCC Help Hungarian "{E9811C8F-D729-01D3-9347-DCE297354C0A}" = CCC Help French "{EA4340F5-7676-693D-A908-DF9D44771F7B}" = CCC Help Thai "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM) "{EC637522-73A5-4428-8B46-65A621529CC7}" = Microsoft Location Finder "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 
5.10 "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS "{F09C03B6-CF93-5099-4ED7-CF47DB2027E6}" = CCC Help Turkish "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples "{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0 "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM) "{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11 "Acoustica_is1" = Acoustica 4.1 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0 "Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4 "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Core FTP LE 2.1" = Core FTP LE 2.1 "DPP" = Canon Utilities Digital Photo Professional 3.4 "dradio-Recorder_is1" = dradio-Recorder Version 3.02.6 "EOS Utility" = Canon Utilities EOS Utility "GeoSetter_is1" = GeoSetter 3.4.16 "Google Chrome" = Google Chrome "InstallShield_{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader "InstallShield_{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken Deluxe 2011 "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = 
Malwarebytes Anti-Malware Version 1.65.1.1000 "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MyCamera" = Canon Utilities MyCamera "MyTomTom" = MyTomTom 3.0.2.319 "Nokia PC Suite" = Nokia PC Suite "Nokia Suite" = Nokia Suite "PDF Editor 3" = PDF Editor 3 "PhotoStitch" = Canon Utilities PhotoStitch "Picasa 3" = Picasa 3 "Picture Style Editor" = Canon Utilities Picture Style Editor "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "SMOz" = SMOz "TeamViewer 7" = TeamViewer 7 "UPM" = Universal Password Manager "WFTK" = Canon Utilities WFT-E1/E2/E3 Utility "XnView_is1" = XnView 1.99.1 "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04.11.2012 04:27:38 | Computer Name = HDS-Neu | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 04.11.2012 04:27:38 | Computer Name = HDS-Neu | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8049 Error - 04.11.2012 04:27:38 | Computer Name = HDS-Neu | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8049 Error - 06.11.2012 03:08:00 | Computer Name = HDS-Neu | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 844 Startzeit: 01cdbbecf5c6a738 Endzeit: 47 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: Error - 06.11.2012 09:17:37 | Computer Name = HDS-Neu | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "E:\Downloads\pdf\SoftonicDownloader_fuer_expert-pdf.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 06.11.2012 09:17:42 | Computer Name = HDS-Neu | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "E:\Downloads\pdf\SoftonicDownloader_fuer_pdfcreator.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 07.11.2012 02:46:55 | Computer Name = HDS-Neu | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1d84 Startzeit: 01cdbcb3849195cb Endzeit: 31 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: Error - 10.11.2012 06:49:23 | Computer Name = HDS-Neu | Source = Application Hang | ID = 1002 Description = Programm Mail.exe, Version 6.10.0.3 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c04 Startzeit: 01cdbf103def9d03 Endzeit: 3 Anwendungspfad: C:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exe Berichts-ID: Error - 10.11.2012 11:13:52 | Computer Name = HDS-Neu | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\dradio-Recorder\phonostar.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error - 10.11.2012 11:14:04 | Computer Name = HDS-Neu | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Notifier.exe, Version: 6.4.0.2, Zeitstempel: 0x45a38d1f Name des fehlerhaften Moduls: eMailPlugIn.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x47d9e700 Ausnahmecode: 0xc0000005 Fehleroffset: 0x03af017c ID des fehlerhaften Prozesses: 0xf28 Startzeit der fehlerhaften Anwendung: 0x01cdbf103ee98d80 Pfad der fehlerhaften Anwendung: C:\PROGRA~2\T-Online\T-ONLI~1\Notifier\Notifier.exe Pfad des fehlerhaften Moduls: eMailPlugIn.dll Berichtskennung: 434ba723-2b49-11e2-bf1e-404e57434401 [ System Events ] Error - 04.10.2012 03:00:41 | Computer Name = HDS-Neu | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden. Error - 05.10.2012 01:37:41 | Computer Name = HDS-Neu | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden. Error - 05.10.2012 01:37:42 | Computer Name = HDS-Neu | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden. Error - 05.10.2012 01:37:42 | Computer Name = HDS-Neu | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "" können nicht gelesen werden. Error - 05.10.2012 01:37:43 | Computer Name = HDS-Neu | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden. 
Error - 05.10.2012 06:28:33 | Computer Name = HDS-Neu | Source = WMPNetworkSvc | ID = 866300 Description = Error - 05.10.2012 06:40:48 | Computer Name = HDS-Neu | Source = DCOM | ID = 10010 Description = Error - 06.10.2012 10:42:16 | Computer Name = HDS-Neu | Source = DCOM | ID = 10010 Description = Error - 07.10.2012 02:43:11 | Computer Name = HDS-Neu | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "" können nicht gelesen werden. Error - 09.10.2012 07:48:35 | Computer Name = HDS-Neu | Source = DCOM | ID = 10010 Description = < End of report > |
10.11.2012, 18:10 | #2 | |
/// TB-Ausbilder | Firefox automatically opens http://ad.adserverplus.com/ with an empty window
My name is Matthias and I will help you clean up your computer. Please note the following:
Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Junkware Removal Tool to your desktop.
Step 3 Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
Please post with your next reply
|
10.11.2012, 19:47 | #3 |
| Hello, Matthias,
thank you for the quick reply. To be on the safe side, I first have a question about your instructions: in step 3 you write that Combofix should only be run on explicit instruction. So as not to risk anything: do I have your instruction, or do I still need it separately? Thanks and regards, Masin

Hello Matthias, I have now decided to carry out all three steps of your instructions after all; the logs follow. Just the following remarks on how it went:
Step 2: My GData Internet Security 2013 did not let me download the Junkware Removal Tool, but blocked the website immediately. Perhaps the note about disabling the protection software should come before the request to download?
Step 3: Combofix hung twice while unpacking.
After completing all three steps I deleted JRT.exe from the computer again, because GData would not put up with the presence of this file. Now the logs, with thanks and regards! Masin

# AdwCleaner v2.007 - Datei am 11/11/2012 um 08:59:57 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Hans-Dieter - HDS-NEU
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Hans-Dieter\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\searchplugins\Web Search.xml
Ordner Gelöscht : C:\Users\Hans-Dieter\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Hans-Dieter\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1537 octets] - [11/11/2012 08:59:57]

########## EOF - C:\AdwCleaner[S1].txt - [1597 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 2.9.7 (11.10.2012)
OS: Windows 7 Professional x64
Ran by Hans-Dieter on 11.11.2012 at 9:02:59,94
Blog: Malware Analysis and Removal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.11.2012 at 9:07:34,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Combofix Logfile: Code:
ATTFilter ComboFix 12-11-09.02 - Hans-Dieter 11.11.2012 9:29.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.6103.4131 [GMT 1:00] ausgeführt von:: c:\users\Hans-Dieter\Desktop\ComboFix.exe AV: G Data InternetSecurity 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496} FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED} SP: G Data InternetSecurity 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\PCDr\6032\AddOnDownloaded\087abda5-3ca9-433a-8a4e-6b9fc9285607.dll c:\programdata\PCDr\6032\AddOnDownloaded\0f6f4769-e33b-4059-ac7e-958f5cedf6f3.dll c:\programdata\PCDr\6032\AddOnDownloaded\16535d13-dd9f-48ff-8ae3-e3135157e6da.dll c:\programdata\PCDr\6032\AddOnDownloaded\2f733848-355c-4a6f-89a5-08a4dcc89c5c.dll c:\programdata\PCDr\6032\AddOnDownloaded\305a1406-381f-449d-9486-32504a38e5b0.dll c:\programdata\PCDr\6032\AddOnDownloaded\3b429c4f-8ba9-4a7d-bbb4-4548bb6d2539.dll c:\programdata\PCDr\6032\AddOnDownloaded\3c49c05a-0eb3-4044-a0f8-d4ea2a439295.dll c:\programdata\PCDr\6032\AddOnDownloaded\45d3827c-bce8-440f-bcda-3bd183a7bac3.dll c:\programdata\PCDr\6032\AddOnDownloaded\4704833a-6508-40cc-b98b-5ebd235e52ca.dll c:\programdata\PCDr\6032\AddOnDownloaded\5cd81d7c-326c-42d2-8929-1ee85c69dc1d.dll c:\programdata\PCDr\6032\AddOnDownloaded\5f169f6e-cfce-411e-b266-aa53ac35ce83.dll c:\programdata\PCDr\6032\AddOnDownloaded\7119bf4b-d404-4b31-8779-44fac71761fa.dll c:\programdata\PCDr\6032\AddOnDownloaded\819a7f02-352c-4ccc-8fd0-40d8959b0b10.dll c:\programdata\PCDr\6032\AddOnDownloaded\8c199aef-9eca-4ab6-863d-c9136ebec654.dll c:\programdata\PCDr\6032\AddOnDownloaded\a875f6ee-9729-4447-8d2c-63bd2e6396c1.dll c:\programdata\PCDr\6032\AddOnDownloaded\aacbd8d1-f46e-4872-a1aa-7197c56e7bee.dll 
c:\programdata\PCDr\6032\AddOnDownloaded\af728edb-0984-4c06-9a4b-0878bcfa9a26.dll c:\programdata\PCDr\6032\AddOnDownloaded\b510dd11-341c-4dfa-9f1e-dd5ddcc444f4.dll c:\programdata\PCDr\6032\AddOnDownloaded\cf9bce06-e765-4c6f-afa9-0d82a3adc417.dll c:\programdata\PCDr\6032\AddOnDownloaded\dbecb802-efe1-453f-828f-29af4ab73508.dll c:\programdata\PCDr\6032\AddOnDownloaded\dc959002-1065-4317-b1a1-f360412a88d3.dll c:\programdata\PCDr\6032\AddOnDownloaded\e1ce76af-328a-41dc-b2c4-0dd9771f6aa1.dll c:\programdata\PCDr\6032\AddOnDownloaded\e3e252fe-80ab-4f89-82a9-b607007220bd.dll c:\programdata\PCDr\6032\AddOnDownloaded\eb115e4d-8592-4082-bffa-e65ae6b21e95.dll c:\programdata\PCDr\6032\AddOnDownloaded\ed26c1b3-d9f9-42e8-80e0-cd62e65fd901.dll c:\programdata\PCDr\6032\AddOnDownloaded\ed2cc678-a9e6-4ef7-89b6-9bada02d1a74.dll c:\programdata\PCDr\6032\AddOnDownloaded\f28ef68b-8cc4-4c00-891d-473fb67bd0b0.dll c:\users\Hans-Dieter\AppData\Local\assembly\tmp E:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-11 bis 2012-11-11 )))))))))))))))))))))))))))))) . . 2012-11-11 08:38 . 2012-11-11 08:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-11 08:32 . 2012-11-11 08:32 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF2BC6CF-209D-4189-ADDF-B79C412A31A9}\offreg.dll 2012-11-10 18:17 . 2012-11-10 18:17 -------- d-----w- c:\windows\ERUNT 2012-11-10 18:17 . 2012-11-11 08:07 -------- d-----w- C:\JRT 2012-11-10 08:34 . 2012-11-10 08:34 -------- d-----w- c:\users\Hans-Dieter\AppData\Roaming\Malwarebytes 2012-11-10 08:34 . 2012-11-10 08:34 -------- d-----w- c:\programdata\Malwarebytes 2012-11-10 08:34 . 2012-11-10 08:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-10 08:34 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-09 08:07 . 2012-11-08 17:24 4918219 ----a-w- c:\windows\exiftool.exe 2012-11-09 06:40 . 
2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF2BC6CF-209D-4189-ADDF-B79C412A31A9}\mpengine.dll 2012-11-06 13:29 . 2012-11-06 13:47 -------- d-----w- c:\users\Hans-Dieter\AppData\Roaming\eXPert PDF Editor 2012-11-06 13:28 . 2012-11-06 13:28 -------- d-----w- c:\program files (x86)\Visagesoft 2012-11-06 13:18 . 2012-11-06 13:18 -------- d-----w- c:\users\Hans-Dieter\AppData\Roaming\CAD-KAS 2012-11-06 13:18 . 2012-11-06 13:18 87704 ----a-w- c:\windows\cadkasdeinst01.exe 2012-11-06 13:18 . 2012-11-06 13:20 -------- d-----w- c:\program files (x86)\PDF Editor 3 2012-11-06 13:18 . 2012-11-06 13:18 -------- d-----w- c:\users\Hans-Dieter\AppData\Roaming\DesktopIconForAmazon 2012-11-06 13:18 . 2011-05-13 13:16 493056 ----a-w- c:\windows\SysWow64\dhRichClient3.dll 2012-11-06 13:18 . 2011-03-25 21:42 338432 ----a-w- c:\windows\SysWow64\sqlite36_engine.dll 2012-10-31 11:32 . 2012-10-31 11:32 -------- d-----w- c:\program files\Common Files\DESIGNER 2012-10-31 09:05 . 2012-10-12 06:34 100864 ----a-w- c:\windows\system32\pdfcmon.dll 2012-10-31 09:05 . 2012-05-05 10:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX 2012-10-31 09:05 . 2012-10-31 09:05 -------- d-----w- c:\program files (x86)\PDFCreator 2012-10-31 09:05 . 2012-05-05 10:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL 2012-10-31 09:05 . 1998-07-06 17:55 158208 ----a-w- c:\windows\SysWow64\MSCMCDE.DLL 2012-10-31 09:05 . 1998-07-06 17:55 64512 ----a-w- c:\windows\SysWow64\MSCC2DE.DLL 2012-10-31 09:05 . 2012-10-31 09:05 -------- d-----w- c:\users\Hans-Dieter\AppData\Local\Programs 2012-10-21 12:53 . 2012-10-21 12:54 -------- d-----w- c:\users\Hans-Dieter\AppData\Roaming\PC-FAX TX 2012-10-18 15:16 . 2012-10-18 15:16 -------- d-----w- c:\users\Hans-Dieter\AppData\Local\Apple Computer 2012-10-18 15:16 . 2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-10-18 15:15 . 
2012-10-18 15:15 -------- d-----w- c:\program files\iPod 2012-10-18 15:15 . 2012-10-18 15:16 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-10-18 15:15 . 2012-10-18 15:16 -------- d-----w- c:\program files\iTunes 2012-10-18 15:15 . 2012-10-18 15:16 -------- d-----w- c:\program files (x86)\iTunes 2012-10-18 15:14 . 2012-10-18 15:14 -------- d-----w- c:\program files\Common Files\Apple 2012-10-18 15:14 . 2012-10-18 15:14 -------- d-----w- c:\program files\Bonjour 2012-10-18 15:14 . 2012-10-18 15:14 -------- d-----w- c:\program files (x86)\Bonjour 2012-10-17 09:04 . 2012-10-17 09:04 -------- d-----w- c:\users\Hans-Dieter\AppData\Local\kiwi.software.NET 2012-10-17 09:03 . 2012-10-17 09:03 -------- d-----w- c:\program files (x86)\kiwi.software.NET 2012-10-14 13:43 . 2012-10-14 14:24 -------- d-----w- c:\users\Hans-Dieter\AppData\Roaming\TeamViewer . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-08 11:49 . 2012-09-26 14:03 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-08 11:49 . 2012-09-26 10:15 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-10 20:23 . 2012-09-26 14:42 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-10-03 08:16 . 2012-09-25 15:54 60320 ----a-w- c:\windows\system32\drivers\PktIcpt.sys 2012-10-03 05:47 . 2012-09-25 15:54 126880 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2012-10-03 05:47 . 2012-09-25 15:54 64416 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys 2012-10-03 05:47 . 2012-09-25 15:54 54176 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2012-10-01 12:48 . 2012-10-01 12:48 53248 ----a-r- c:\users\Hans-Dieter\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-10-01 12:48 . 2012-10-01 12:43 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-09-28 13:42 . 2012-09-28 13:42 227216 ----a-w- c:\windows\SysWow64\ddBACCTM.cpl 2012-09-28 13:42 . 
2012-09-28 13:42 825232 ----a-w- c:\windows\SysWow64\Ddbaccpl.cpl 2012-09-27 11:58 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-09-27 11:58 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-09-26 16:26 . 2012-09-26 16:26 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-09-26 16:26 . 2012-09-26 16:26 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-09-26 16:26 . 2012-09-26 16:26 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-09-26 16:26 . 2012-09-26 16:26 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-09-26 16:26 . 2012-09-26 16:26 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-09-26 16:26 . 2012-09-26 16:26 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-09-26 16:26 . 2012-09-26 16:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-09-26 16:26 . 2012-09-26 16:26 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-09-26 16:26 . 2012-09-26 16:26 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-09-26 16:26 . 2012-09-26 16:26 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-09-26 16:26 . 2012-09-26 16:26 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-09-26 16:26 . 2012-09-26 16:26 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-09-26 16:26 . 2012-09-26 16:26 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-09-26 16:26 . 2012-09-26 16:26 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-09-26 16:26 . 2012-09-26 16:26 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-09-26 16:26 . 2012-09-26 16:26 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-09-26 16:26 . 2012-09-26 16:26 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-09-26 16:26 . 2012-09-26 16:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-09-26 16:26 . 2012-09-26 16:26 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-09-26 16:26 . 2012-09-26 16:26 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-09-26 16:26 . 
2012-09-26 16:26 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-09-26 16:26 . 2012-09-26 16:26 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-09-26 16:26 . 2012-09-26 16:26 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-09-26 16:26 . 2012-09-26 16:26 222208 ----a-w- c:\windows\system32\msls31.dll 2012-09-26 16:26 . 2012-09-26 16:26 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-09-26 16:26 . 2012-09-26 16:26 197120 ----a-w- c:\windows\system32\msrating.dll 2012-09-26 16:26 . 2012-09-26 16:26 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-09-26 16:26 . 2012-09-26 16:26 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-09-26 16:26 . 2012-09-26 16:26 17810944 ----a-w- c:\windows\system32\mshtml.dll 2012-09-26 16:26 . 2012-09-26 16:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-09-26 16:26 . 2012-09-26 16:26 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-09-26 16:26 . 2012-09-26 16:26 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-09-26 16:26 . 2012-09-26 16:26 89088 ----a-w- c:\windows\system32\ie4uinit.exe 2012-09-26 16:26 . 2012-09-26 16:26 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-09-26 16:26 . 2012-09-26 16:26 82432 ----a-w- c:\windows\system32\icardie.dll 2012-09-26 16:26 . 2012-09-26 16:26 816640 ----a-w- c:\windows\system32\jscript.dll 2012-09-26 16:26 . 2012-09-26 16:26 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-09-26 16:26 . 2012-09-26 16:26 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-09-26 16:26 . 2012-09-26 16:26 65024 ----a-w- c:\windows\system32\pngfilt.dll 2012-09-26 16:26 . 2012-09-26 16:26 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-09-26 16:26 . 2012-09-26 16:26 55296 ----a-w- c:\windows\system32\msfeedsbs.dll 2012-09-26 16:26 . 2012-09-26 16:26 534528 ----a-w- c:\windows\system32\ieapfltr.dll 2012-09-26 16:26 . 2012-09-26 16:26 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-09-26 16:26 . 
2012-09-26 16:26 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-09-26 16:26 . 2012-09-26 16:26 452608 ----a-w- c:\windows\system32\dxtmsft.dll 2012-09-26 16:26 . 2012-09-26 16:26 448512 ----a-w- c:\windows\system32\html.iec 2012-09-26 16:26 . 2012-09-26 16:26 403248 ----a-w- c:\windows\system32\iedkcs32.dll 2012-09-26 16:26 . 2012-09-26 16:26 39936 ----a-w- c:\windows\system32\iernonce.dll 2012-09-26 16:26 . 2012-09-26 16:26 3695416 ----a-w- c:\windows\system32\ieapfltr.dat 2012-09-26 16:26 . 2012-09-26 16:26 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-09-26 16:26 . 2012-09-26 16:26 282112 ----a-w- c:\windows\system32\dxtrans.dll 2012-09-26 16:26 . 2012-09-26 16:26 267776 ----a-w- c:\windows\system32\ieaksie.dll 2012-09-26 16:26 . 2012-09-26 16:26 249344 ----a-w- c:\windows\system32\webcheck.dll 2012-09-26 16:26 . 2012-09-26 16:26 248320 ----a-w- c:\windows\system32\ieui.dll 2012-09-26 16:26 . 2012-09-26 16:26 237056 ----a-w- c:\windows\system32\url.dll 2012-09-26 16:26 . 2012-09-26 16:26 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-09-26 16:26 . 2012-09-26 16:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-09-26 16:26 . 2012-09-26 16:26 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-09-26 16:26 . 2012-09-26 16:26 163840 ----a-w- c:\windows\system32\ieakui.dll 2012-09-26 16:26 . 2012-09-26 16:26 160256 ----a-w- c:\windows\system32\wextract.exe 2012-09-26 16:26 . 2012-09-26 16:26 160256 ----a-w- c:\windows\system32\ieakeng.dll 2012-09-26 16:26 . 2012-09-26 16:26 149504 ----a-w- c:\windows\system32\occache.dll 2012-09-26 16:26 . 2012-09-26 16:26 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-09-26 16:26 . 2012-09-26 16:26 145920 ----a-w- c:\windows\system32\iepeers.dll 2012-09-26 16:26 . 2012-09-26 16:26 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-09-26 16:26 . 2012-09-26 16:26 12288 ----a-w- c:\windows\system32\mshta.exe 2012-09-26 16:26 . 
2012-09-26 16:26 114176 ----a-w- c:\windows\system32\admparse.dll 2012-09-26 16:26 . 2012-09-26 16:26 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-09-26 16:26 . 2012-09-26 16:26 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-09-26 16:26 . 2012-09-26 16:26 10752 ----a-w- c:\windows\system32\msfeedssync.exe 2012-09-26 16:26 . 2012-09-26 16:26 103936 ----a-w- c:\windows\system32\inseng.dll 2012-09-26 12:46 . 2012-09-26 12:46 129784 ------w- c:\windows\SysWow64\pxafs.dll 2012-09-26 12:46 . 2012-09-26 12:46 116472 ------w- c:\windows\SysWow64\pxcpyi64.exe 2012-09-26 12:46 . 2012-09-26 12:46 10488 ------w- c:\windows\system32\drivers\cdralw2k.sys 2012-09-26 12:46 . 2012-09-26 12:46 10488 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2012-09-26 12:46 . 2012-09-26 12:46 52856 ------w- c:\windows\system32\drivers\PxHlpa64.sys 2012-09-26 12:46 . 2012-09-26 12:46 118520 ------w- c:\windows\SysWow64\pxinsi64.exe 2012-09-26 09:16 . 2012-09-26 09:16 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-09-26 09:16 . 2012-09-26 09:16 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-26 08:37 . 2012-09-26 08:37 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys 2012-09-26 08:37 . 2012-09-26 08:37 1294432 ----a-w- c:\windows\system32\drivers\tdrpman.sys 2012-09-26 08:37 . 2012-09-26 08:37 994912 ----a-w- c:\windows\system32\drivers\timntr.sys 2012-09-26 08:37 . 2012-09-26 08:37 211552 ----a-w- c:\windows\system32\drivers\vididr.sys 2012-09-26 08:37 . 2012-09-26 08:37 146528 ----a-w- c:\windows\system32\drivers\vsflt67.sys 2012-09-26 08:37 . 2012-09-26 08:37 320096 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-09-26 08:37 . 2012-09-26 08:37 137312 ----a-w- c:\windows\system32\drivers\fltsrv.sys 2012-09-25 15:54 . 2012-09-25 15:54 64376 ----a-w- c:\windows\system32\drivers\HookCentre.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dradio-RecorderTimer"="c:\program files (x86)\dradio-Recorder\phonostarTimer.exe" [2012-04-03 41472] "Microsoft Location Finder"="c:\program files (x86)\Microsoft Location Finder\LocationFinder.exe" [2006-11-14 121640] "PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2012-09-17 995352] "GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-01-27 1470968] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2011-05-19 2629632] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-06-28 5993216] "AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-06-28 1173712] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2012-01-13 1493288] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-10 98304] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" 
[2012-09-09 421776] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-9-26 113664] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled Lexware Info Service.lnk - c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2011-7-31 189808] Quicken 2011 Zahlungserinnerung.lnk - c:\program files (x86)\Lexware\Quicken\2011\billmind.exe [2010-11-24 198000] Quicken Jubiläumsversion Zahlungserinnerung.lnk - c:\windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe [2012-9-29 40960] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-09-04 25584] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\drivers\vpcuxd.sys [2010-11-20 16384] R4 Cosptsvfcrls;Cosptsvfcrls; [x] S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-09-26 137312] S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-10-03 
54176] S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240] S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2012-09-26 52856] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-09-26 211552] S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys [2012-09-26 146528] S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-10-03 126880] S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2012-10-03 64416] S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-09-25 64376] S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-09-26 3491792] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-10 203776] S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-08-23 1542680] S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2012-01-27 468472] S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2012-08-30 2011568] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] S2 OS Selector;Acronis OS Selector Activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2011-11-15 2155848] S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-06-28 5924712] S2 TeamViewer7;TeamViewer 7;c:\program files 
(x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-08-28 92632] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-09-26 367200] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752] S3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Driver;c:\windows\system32\DRIVERS\AVMCOWAN.sys [2009-06-10 79872] S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760] S3 FPCIBASE;AVM FRITZ!Card PCI;c:\windows\system32\DRIVERS\fpcibase.sys [2009-06-10 899328] S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-06-04 1766464] S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2012-10-03 60320] S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-28 36720] S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2012-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-26 11:49] . 
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-26 11:19] . 2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-26 11:19] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-06-28 403688] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;*.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} - hxxp://bmontessori12.dyndns.org:1120/RtspVaPgDec.cab FF - ProfilePath - c:\users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (de) FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-09-12 14:40; fb_add_on@avm.de; c:\users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\fb_add_on@avm.de FF - ExtSQL: 2012-09-25 19:46; {BCC877E7-7F3F-4632-8338-DAEE4475DE35}; c:\users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\{BCC877E7-7F3F-4632-8338-DAEE4475DE35}.xpi FF - ExtSQL: 2012-09-26 11:16; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - ExtSQL: 2012-10-03 07:47; {906305f7-aafc-45e9-8bbd-941950a84dad}; c:\program files 
(x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} FF - ExtSQL: 2012-10-18 15:35; maps@ovi.com; c:\users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\maps@ovi.com FF - ExtSQL: 2012-11-06 14:18; extension@preispilot.com; c:\users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\extension@preispilot.com.xpi FF - ExtSQL: 2012-11-06 14:18; mail@shopping-preise.de; c:\users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\mail@shopping-preise.de FF - ExtSQL: 2012-11-06 14:18; firejump@firejump.net; c:\users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\firejump@firejump.net FF - ExtSQL: !HIDDEN! 2012-11-06 14:18; mail@shopping-preise.de; c:\users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\mail@shopping-preise.de FF - ExtSQL: !HIDDEN! 2012-11-06 14:18; firejump@firejump.net; c:\users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\firejump@firejump.net . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKLM-Run-ControlCenter4 - c:\program files (x86)\ControlCenter4\BrCcBoot.exe ShellIconOverlayIdentifiers- - (no file) ShellIconOverlayIdentifiers- - (no file) ShellIconOverlayIdentifiers- - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-11-11 09:42:06 ComboFix-quarantined-files.txt 2012-11-11 08:42 . Vor Suchlauf: 11 Verzeichnis(se), 143.753.400.320 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 144.133.267.456 Bytes frei . - - End Of File - - 45C56C0255CF0093A86B2EAD23B5A9A9 |
11.11.2012, 12:18 | #4 |
/// TB-Ausbilder | Firefox automatically starts http://ad.adserverplus.com/ with an empty window Hi, thanks for the pointers regarding JRT. Are there still problems with http://ad.adserverplus.com/ in Firefox? Please start OTL.exe and press the Quick Scan button. Post the OTL.txt here in your thread. |
11.11.2012, 12:45 | #5 |
| Firefox automatically starts http://ad.adserverplus.com/ with an empty window Hello Matthias, thanks for the quick reply. No, since the procedure was completed there have been no problems, but can I already be sure that they have been eliminated? It would be nice if you could tell me something about that and, above all, give me tips on how I can prevent something like this in future. Unfortunately my GData did not raise an alarm either, but perhaps that is not even possible with this hijacker virus. In any case, many thanks for the quick (and hopefully lasting) help. The OTL log follows. OTL Logfile: Code:
OTL logfile created on: 11.11.2012 12:27:25 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hans-Dieter\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,96 Gb Total Physical Memory | 3,30 Gb Available Physical Memory | 55,44% Memory free 11,92 Gb Paging File | 8,66 Gb Available in Paging File | 72,68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 205,97 Gb Total Space | 133,68 Gb Free Space | 64,90% Space Free | Partition Type: NTFS Drive D: | 425,58 Gb Total Space | 261,32 Gb Free Space | 61,40% Space Free | Partition Type: NTFS Drive E: | 554,98 Gb Total Space | 382,45 Gb Free Space | 68,91% Space Free | Partition Type: NTFS Drive I: | 662,53 Gb Total Space | 368,98 Gb Free Space | 55,69% Space Free | Partition Type: NTFS Computer Name: HDS-NEU | User Name: Hans-Dieter | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\HANS-D~1\AppData\Local\Temp\~e5d141.tmp (Macrovision Europe Ltd.) PRC - C:\Users\Hans-Dieter\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe (Adobe Systems, Inc.) 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan) PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) PRC - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis) PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe () PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.) 
PRC - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe () PRC - C:\Program Files (x86)\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe (Deutsche Telekom AG) PRC - C:\Program Files (x86)\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG) PRC - C:\Program Files (x86)\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe (Deutsche Telekom AG) PRC - C:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exe (Deutsche Telekom AG, www.t-online.de) PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) 
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () PRC - C:\Program Files (x86)\T-Online\T-Online_Software_6\Notifier\Notifier.exe (fun communications GmbH, hxxp://www.fun.de) PRC - C:\Program Files (x86)\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Adobe\Photoshop CS\Photoshop.exe (Adobe Systems, Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Users\HANS-D~1\AppData\Local\Temp\~ef0a3f\~df394b.tmp () MOD - C:\Users\HANS-D~1\AppData\Local\Temp\~ef055f\~de4ae7.tmp () MOD - C:\Users\HANS-D~1\AppData\Local\Temp\~ef055f\~df394b.tmp () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\IrfanView\Languages\Deutsch.dll () MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll () MOD - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe () MOD - C:\Program Files (x86)\Google\Picasa3\Picasa3i18n.dll () MOD - C:\Program Files (x86)\Google\Picasa3\plugins\ytITivo.yti () MOD - C:\Program Files (x86)\Google\Picasa3\qtsupport.dll () MOD - C:\Program Files (x86)\Google\Picasa3\plugins\CDVDR\CDVDR.yti () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\libexpat.dll () MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll () MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGUI4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll () MOD - 
C:\Program Files (x86)\T-Online\T-Online_Software_6\Notifier\libcurl.dll () MOD - C:\Program Files (x86)\T-Online\T-Online_Software_6\Notifier\libexpat.dll () MOD - C:\Program Files (x86)\Adobe\Photoshop CS\Photoshop.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe (G Data Software AG) SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (syncagentsrv) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis) SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG) SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) SRV - (AVKService) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (OS Selector) -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe () SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) 
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG) DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG) DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG) DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis) DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis) DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis) DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis) DRV:64bit: - (vidsflt67) -- C:\Windows\SysNative\drivers\vsflt67.sys (Acronis) DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis) DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\drivers\fltsrv.sys (Acronis) DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (NBVol) -- C:\Windows\SysNative\drivers\NBVol.sys (Nero AG) DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\drivers\NBVolUp.sys (Nero AG) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (FPCIBASE) -- C:\Windows\SysNative\drivers\fpcibase.sys (AVM Berlin) DRV:64bit: - (AVMCOWAN) -- C:\Windows\SysNative\drivers\avmcowan.sys (AVM GmbH) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (Null) -- C:\Windows\SysWow64\NULL () DRV - (PCDSRVC{1E208CE0-FB7451FF-06020200}_0) -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D1 E6 22 1C E7 BC CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d}:1.5.1.1 FF - prefs.js..extensions.enabledAddons: fb_add_on@avm.de:1.6.3 FF - prefs.js..extensions.enabledAddons: {BCC877E7-7F3F-4632-8338-DAEE4475DE35}:0.20 FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.2 FF - prefs.js..extensions.enabledAddons: maps@ovi.com:5.10.3.0 FF - prefs.js..extensions.enabledAddons: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11215.1124 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.30 17:57:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.07 10:43:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\mail@shopping-preise.de [2012.11.06 14:18:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\firejump@firejump.net [2012.11.06 14:18:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\extension@preispilot.com FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.30 17:57:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 
Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.11 13:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Extensions [2012.10.11 13:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.11.10 19:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions [2012.10.08 17:38:41 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012.09.25 17:42:52 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2012.09.25 17:42:51 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\fb_add_on@avm.de [2012.11.06 14:18:32 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\firejump@firejump.net [2012.11.06 14:18:32 | 000,000,000 | ---D | M] (Shopping-preise.de) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\mail@shopping-preise.de [2012.10.18 14:35:29 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\maps@ovi.com [2012.11.07 17:04:18 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\extension@preispilot.com.xpi [2012.09.25 18:46:06 | 000,009,282 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\{BCC877E7-7F3F-4632-8338-DAEE4475DE35}.xpi 
[2012.07.26 07:33:30 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.07.25 07:44:14 | 000,000,003 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\maps@ovi.com\plugins\package.XPI [2012.08.27 10:13:16 | 000,001,348 | ---- | M] () -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\searchplugins\wikipdia-fr.xml [2012.10.31 09:39:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.10.30 17:57:12 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2012.10.30 17:57:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.30 17:57:17 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = 
C:\Users\Hans-Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Hans-Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Hans-Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.11.11 09:39:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) 
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKCU..\Run: [dradio-RecorderTimer] C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe () O4 - HKCU..\Run: [Microsoft Location Finder] C:\Program Files (x86)\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation) O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - 
C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} hxxp://bmontessori12.dyndns.org:1119/VatDec.cab (VatCtrl Class) O16 - DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} hxxp://bmontessori12.dyndns.org:1120/RtspVaPgDec.cab (RtspVaPgCtrlNew Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C8BD92B-6F2C-4827-852A-084480244670}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM 
Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.11.10 15:28:29 | 000,000,000 | ---D | M] - E:\Autos -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.11 12:26:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hans-Dieter\Desktop\OTL.exe [2012.11.11 09:49:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.11.10 19:35:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.10 19:35:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.10 19:35:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.10 19:32:26 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.10 19:30:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.11.10 19:25:34 | 004,998,937 | R--- | C] (Swearware) -- C:\Users\Hans-Dieter\Desktop\ComboFix.exe [2012.11.10 19:17:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2012.11.10 
19:17:00 | 000,000,000 | ---D | C] -- C:\JRT [2012.11.10 09:34:16 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\Malwarebytes [2012.11.10 09:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.10 09:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.10 09:34:03 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.10 09:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.09 09:07:40 | 004,918,219 | ---- | C] (Phil Harvey) -- C:\Windows\exiftool.exe [2012.11.06 14:29:30 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\eXPert PDF Editor [2012.11.06 14:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visage [2012.11.06 14:28:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Visagesoft [2012.11.06 14:18:58 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\CAD-KAS [2012.11.06 14:18:51 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Editor 3.3 [2012.11.06 14:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Editor 3.3 [2012.11.06 14:18:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Editor 3 [2012.11.06 14:18:32 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll [2012.11.06 14:18:32 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\DesktopIconForAmazon [2012.10.31 12:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2012.10.31 10:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.10.31 10:05:41 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX [2012.10.31 10:05:41 | 000,100,864 | ---- | C] (pdfforge GbR) -- 
C:\Windows\SysNative\pdfcmon.dll [2012.10.31 10:05:40 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL [2012.10.31 10:05:40 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL [2012.10.31 10:05:40 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL [2012.10.31 10:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012.10.31 10:05:02 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Local\Programs [2012.10.30 17:57:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.21 13:53:27 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\PC-FAX TX [2012.10.18 16:16:36 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Local\Apple Computer [2012.10.18 16:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.10.18 16:16:26 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2012.10.18 16:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.10.18 16:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.10.18 16:15:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.10.18 16:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012.10.18 16:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012.10.18 16:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.10.18 16:14:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012.10.17 10:04:09 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Local\kiwi.software.NET [2012.10.17 10:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\kiwi.software.NET [2012.10.17 10:03:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kiwi.software.NET [2012.10.14 14:43:49 | 000,000,000 | ---D | C] -- 
C:\Users\Hans-Dieter\AppData\Roaming\TeamViewer ========== Files - Modified Within 30 Days ========== [2012.11.11 12:29:03 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.11 12:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.11 11:31:37 | 000,865,944 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2012.11.11 11:31:37 | 000,046,155 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2012.11.11 09:57:05 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.11 09:57:05 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.11 09:49:18 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.11 09:48:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.11 09:48:52 | 504,717,311 | -HS- | M] () -- C:\hiberfil.sys [2012.11.11 09:39:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.11.10 19:18:46 | 004,998,937 | R--- | M] (Swearware) -- C:\Users\Hans-Dieter\Desktop\ComboFix.exe [2012.11.10 18:25:19 | 000,541,569 | ---- | M] () -- C:\Users\Hans-Dieter\Desktop\adwcleaner.exe [2012.11.10 16:11:09 | 000,000,000 | ---- | M] () -- C:\Users\Hans-Dieter\defogger_reenable [2012.11.10 09:34:04 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.10 09:18:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hans-Dieter\Desktop\OTL.exe [2012.11.09 08:50:34 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.09 08:50:34 | 000,655,802 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.09 08:50:34 | 000,616,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.09 08:50:34 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.09 08:50:34 | 
000,106,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.08 18:30:55 | 000,002,374 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.11.08 18:24:21 | 004,918,219 | ---- | M] (Phil Harvey) -- C:\Windows\exiftool.exe [2012.11.08 12:49:35 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.11.08 12:49:35 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.11.06 14:28:25 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\eXPert PDF Editor.lnk [2012.11.06 14:18:51 | 000,087,704 | ---- | M] () -- C:\Windows\cadkasdeinst01.exe [2012.11.06 14:18:51 | 000,000,990 | ---- | M] () -- C:\Users\Hans-Dieter\Desktop\PDF Editor 3.3.lnk [2012.11.06 14:18:32 | 000,001,478 | ---- | M] () -- C:\Users\Hans-Dieter\Desktop\Amazon.lnk [2012.11.05 14:54:44 | 000,011,264 | ---- | M] () -- C:\Users\Hans-Dieter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.04 19:32:24 | 000,000,262 | ---- | M] () -- C:\Users\Hans-Dieter\Desktop\Run.lnk [2012.10.31 12:42:13 | 000,427,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.31 10:05:45 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.10.31 10:05:45 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.10.21 13:54:13 | 000,000,414 | ---- | M] () -- C:\Windows\Brpfx04a.ini [2012.10.21 13:54:13 | 000,000,000 | ---- | M] () -- C:\Windows\brdfxspd.dat [2012.10.21 13:53:27 | 000,000,166 | ---- | M] () -- C:\Windows\brpcfx.ini [2012.10.18 16:16:30 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk ========== Files Created - No Company Name ========== [2012.11.11 08:55:02 | 000,541,569 | ---- | C] () -- C:\Users\Hans-Dieter\Desktop\adwcleaner.exe [2012.11.10 19:35:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.10 19:35:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.10 19:35:25 | 
000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.10 19:35:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.10 19:35:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.10 16:11:09 | 000,000,000 | ---- | C] () -- C:\Users\Hans-Dieter\defogger_reenable [2012.11.10 09:34:04 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.06 14:28:25 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\eXPert PDF Editor.lnk [2012.11.06 14:18:51 | 000,087,704 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2012.11.06 14:18:51 | 000,000,990 | ---- | C] () -- C:\Users\Hans-Dieter\Desktop\PDF Editor 3.3.lnk [2012.11.06 14:18:32 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.11.06 14:18:32 | 000,001,478 | ---- | C] () -- C:\Users\Hans-Dieter\Desktop\Amazon.lnk [2012.11.04 19:32:24 | 000,000,262 | ---- | C] () -- C:\Users\Hans-Dieter\Desktop\Run.lnk [2012.10.31 10:05:45 | 000,001,160 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.10.31 10:05:45 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.10.18 16:16:30 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.09.27 16:25:58 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.09.27 12:45:11 | 000,011,264 | ---- | C] () -- C:\Users\Hans-Dieter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.26 13:45:48 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012.09.26 09:04:37 | 000,000,414 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.09.26 09:04:37 | 000,000,166 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.09.26 09:04:31 | 000,003,303 | ---- | C] () -- C:\Windows\BRPARAM.INI [2012.09.26 09:03:43 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2012.09.26 09:03:43 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.09.26 09:03:42 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2012.09.26 
09:03:41 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2012.09.26 06:20:08 | 000,865,944 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2012.09.25 16:59:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.27 10:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll [2011.09.27 10:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll [2011.09.27 10:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft 
Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
11.11.2012, 13:08 | #6
/// TB-Ausbilder

Hi,

Quote:

Quote:

Most AV programs or security suites do not detect these pests, because they cannot do any real damage to the computer. They are more of a nuisance. AdwCleaner is a good program that can help in such cases.

So, now to the control scans. If those come back clean, I will give you a few valuable tips afterwards.

Step 1

Step 2
ESET Online Scanner

Step 3
Please download SecurityCheck

With your next reply, please post
11.11.2012, 15:14 | #7
Brief interim report: the online scanner has now been running for about 1 h, progress: 11%. So it may take a while before I can deliver. But I'm sure you know that...

Regards,
Masin

11.11.2012, 15:51 | #8
/// TB-Ausbilder

Hi,

thanks a lot for the update. Just post the log files as soon as you have everything together.

11.11.2012, 15:55 | #9
Will do.

Regards,
Masin

11.11.2012, 16:20 | #10
/// TB-Ausbilder
12.11.2012, 08:33 | #11
Good morning, Matthias,

it's finally done; it took almost 10 hours. Do I need to be concerned, given that my computer was on the network completely unprotected for about 18 hours? The logs follow; I'm curious about your assessment.

Have a nice day!
Masin

Malwarebytes Anti-Malware (Test) 1.65.1.1000
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.11.11.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hans-Dieter :: HDS-NEU [Administrator]

Schutz: Aktiviert

11.11.2012 14:03:21
mbam-log-2012-11-11 (14-03-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 208493
Laufzeit: 2 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=284fe10b949d6440a66d32a3e4c61300
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-11 10:49:35
# local_time=2012-11-11 11:49:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=4096 16777215 100 0 4051022 4051022 0 0
# compatibility_mode=5893 16776573 100 94 20318 104269317 0 0
# compatibility_mode=8192 67108863 100 0 3696 3696 0 0
# scanned=621101
# found=19
# cleaned=0
# scan_time=34708
D:\DASI HDD Notebook\Daten1\Download\QUAD_Registry_Cleaner_Installer.exe a variant of Win32/Adware.QUADRegClean application (unable to clean) 00000000000000000000000000000000 I
D:\DASI HDD Notebook\Daten1\Download\SoftonicDownloader47309.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
D:\DASI HDD Notebook\Daten1\Download\SoftonicDownloader_fuer_expert-pdf.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
D:\DASI HDD Notebook\Daten1\Download\vlc-1.1.5-win32.exe Win32/StartPage.OIE trojan (unable to clean) 00000000000000000000000000000000 I
E:\SoftonicDownloader_fuer_expert-pdf.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
E:\downl\SoftonicDownloader_fuer_dropit.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\Geo\cnet2_pictomio_exe(1).exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\Geo\cnet2_pictomio_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\OCR\SoftonicDownloader_fuer_abbyy-finereader.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\OCR\SoftonicDownloader_fuer_cognitive-openocr.exe Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\pdf\SoftonicDownloader_fuer_expert-pdf.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\pdf\SoftonicDownloader_fuer_pdfcreator.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\Video\Setup58_FreeFlvConverter.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\Video\Setup_696FreeFlvConverter.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\Video\SoftonicDownloader_for_kmplayer.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\VLC\VLCMediaPlayerSetup.exe a variant of Win32/Somoto.A application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\windows\registrybooster.exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\windows\SoftonicDownloader_fuer_iconphile.exe a variant of Win32/SoftonicDownloader.E application (unable to clean) 00000000000000000000000000000000 I
E:\Grafik\PosPanoramaPro_SetUp.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
G Data InternetSecurity 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.65.1.1000
Java(TM) 6 Update 35
Java(TM) 6 Update 2
Java version out of Date!
Adobe Flash Player 11.5.502.110
Adobe Reader X (10.1.4)
Mozilla Firefox (Firefox.)
Mozilla Thunderbird (15.0.1)
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
G Data InternetSecurity Firewall GDFirewallTray.exe
G Data InternetSecurity Firewall GDFwSvcx64.exe
T-Online T-Online_Software_6 eMail Mail.exe
T-Online T-ONLI~1 BASIS-~1 Basis2\PROFIL~1.EXE
T-Online T-ONLI~1 BASIS-~1 Basis2\kernel.exe
T-Online T-ONLI~1 BASIS-~1 Basis2\sc_watch.exe
T-Online T-ONLI~1 Notifier Notifier.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
12.11.2012, 17:20 | #12
/// TB-Ausbilder

Hi,

stay away from Softonic, otherwise you will just pick up a load of junk again.

Step 1
As with the ESET Online Scanner, connect all external drives (in your case D:\ and E:\) to the computer!

Code:
:OTL
:files
D:\DASI HDD Notebook\Daten1\Download\QUAD_Registry_Cleaner_Installer.exe
D:\DASI HDD Notebook\Daten1\Download\SoftonicDownloader47309.exe
D:\DASI HDD Notebook\Daten1\Download\SoftonicDownloader_fuer_expert-pdf.exe
D:\DASI HDD Notebook\Daten1\Download\vlc-1.1.5-win32.exe
E:\SoftonicDownloader_fuer_expert-pdf.exe
E:\downl\SoftonicDownloader_fuer_dropit.exe
E:\Downloads\Geo\cnet2_pictomio_exe(1).exe
E:\Downloads\Geo\cnet2_pictomio_exe.exe
E:\Downloads\OCR\SoftonicDownloader_fuer_abbyy-finereader.exe
E:\Downloads\OCR\SoftonicDownloader_fuer_cognitive-openocr.exe
E:\Downloads\pdf\SoftonicDownloader_fuer_expert-pdf.exe
E:\Downloads\pdf\SoftonicDownloader_fuer_pdfcreator.exe
E:\Downloads\Video\Setup58_FreeFlvConverter.exe
E:\Downloads\Video\Setup_696FreeFlvConverter.exe
E:\Downloads\Video\SoftonicDownloader_for_kmplayer.exe
E:\Downloads\VLC\VLCMediaPlayerSetup.exe
E:\Downloads\windows\registrybooster.exe
E:\Downloads\windows\SoftonicDownloader_fuer_iconphile.exe
E:\Grafik\PosPanoramaPro_SetUp.exe
:Commands
[reboot]

Step 2
Please download delfix to your desktop.

With your next reply, please post
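The step from the ESET Online Scanner log in post #11 to the file list in post #12 can be scripted for triage. The following is an added example, not part of the thread or of any ESET tooling; the row layout is inferred from the log lines quoted above, and the `family()` grouping rule is an assumed heuristic.

```python
import re
from collections import Counter

# Header fields and six detection rows copied from the ESET log in this thread;
# "# found=" was changed to 6 so that it matches this excerpt.
SAMPLE_LOG = r"""# version=7
# scanned=621101
# found=6
# cleaned=0
D:\DASI HDD Notebook\Daten1\Download\QUAD_Registry_Cleaner_Installer.exe a variant of Win32/Adware.QUADRegClean application (unable to clean) 00000000000000000000000000000000 I
D:\DASI HDD Notebook\Daten1\Download\vlc-1.1.5-win32.exe Win32/StartPage.OIE trojan (unable to clean) 00000000000000000000000000000000 I
E:\downl\SoftonicDownloader_fuer_dropit.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\Geo\cnet2_pictomio_exe(1).exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\OCR\SoftonicDownloader_fuer_cognitive-openocr.exe Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I
E:\Grafik\PosPanoramaPro_SetUp.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
"""

# Paths may contain spaces, so the row is anchored on the detection name
# ("Platform/Name") rather than split on whitespace.
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>\w+)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+\w$"
)


def family(name):
    """Heuristic (assumption): drop the platform prefix and an all-caps variant suffix."""
    base = name.split("/", 1)[1]
    head, dot, tail = base.rpartition(".")
    return head if dot and tail.isalpha() and tail.isupper() else base


def parse_log(text):
    """Return (header fields, parsed detection rows, lines that matched neither)."""
    meta, rows, unparsed = {}, [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                meta[key] = value  # repeated keys: the last value wins
            continue
        match = ROW.match(line)
        if match:
            row = match.groupdict()
            row["variant"] = bool(row["variant"])
            rows.append(row)
        else:
            unparsed.append(line)
    return meta, rows, unparsed


def triage(text):
    meta, rows, unparsed = parse_log(text)
    found = meta.get("found", "")
    return {
        # A pasted log that lost rows no longer agrees with its own header.
        "complete": not unparsed and found.isdigit() and int(found) == len(rows),
        "families": Counter(family(r["name"]) for r in rows),
        # ESET labels potentially unwanted or unsafe software "application";
        # any other kind (here: "trojan") deserves a look first.
        "malware": [r for r in rows if r["kind"] != "application"],
        "folders": sorted({r["path"].rsplit("\\", 1)[0] for r in rows}),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("log complete:", report["complete"])
    print("families:", dict(report["families"]))
    for row in report["malware"]:
        print("review first:", row["path"], row["name"])
    print("folders:", report["folders"])
```

The `folders` list shows where the flagged installers cluster, which in this thread is almost entirely download directories rather than system locations.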
12.11.2012, 17:41 | #13
Hello Matthias,

thank you for your reply and the further instructions. I had almost suspected as much about Softonic when I read the log this morning.

Here are the two new logs, with two remarks first:
- the DelFix scan took less than a second,
- today I transferred a small donation for your board's exemplary work. The design of the website, the instructions and the fast response time are hardly topped even by professional companies.

Thanks and regards,
Masin

========== OTL ==========
========== FILES ==========
D:\DASI HDD Notebook\Daten1\Download\QUAD_Registry_Cleaner_Installer.exe moved successfully.
D:\DASI HDD Notebook\Daten1\Download\SoftonicDownloader47309.exe moved successfully.
D:\DASI HDD Notebook\Daten1\Download\SoftonicDownloader_fuer_expert-pdf.exe moved successfully.
D:\DASI HDD Notebook\Daten1\Download\vlc-1.1.5-win32.exe moved successfully.
E:\SoftonicDownloader_fuer_expert-pdf.exe moved successfully.
E:\downl\SoftonicDownloader_fuer_dropit.exe moved successfully.
E:\Downloads\Geo\cnet2_pictomio_exe(1).exe moved successfully.
E:\Downloads\Geo\cnet2_pictomio_exe.exe moved successfully.
E:\Downloads\OCR\SoftonicDownloader_fuer_abbyy-finereader.exe moved successfully.
E:\Downloads\OCR\SoftonicDownloader_fuer_cognitive-openocr.exe moved successfully.
E:\Downloads\pdf\SoftonicDownloader_fuer_expert-pdf.exe moved successfully.
E:\Downloads\pdf\SoftonicDownloader_fuer_pdfcreator.exe moved successfully.
E:\Downloads\Video\Setup58_FreeFlvConverter.exe moved successfully.
E:\Downloads\Video\Setup_696FreeFlvConverter.exe moved successfully.
E:\Downloads\Video\SoftonicDownloader_for_kmplayer.exe moved successfully.
E:\Downloads\VLC\VLCMediaPlayerSetup.exe moved successfully.
E:\Downloads\windows\registrybooster.exe moved successfully.
E:\Downloads\windows\SoftonicDownloader_fuer_iconphile.exe moved successfully.
E:\Grafik\PosPanoramaPro_SetUp.exe moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 11122012_172959

# AdwCleaner v6.2 - Datei am 12/11/2012 um 17:34:57 erstellt
# Aktualisiert am 11/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Hans-Dieter - HDS-NEU
# Ausgeführt unter : C:\Users\Hans-Dieter\Desktop\delfix.exe
# Option [Suche]

~~~~~~ Ordner ~~~~~~

Gefunden : C:\Qoobox
Gefunden : C:\JRT
Gefunden : C:\_OTL

~~~~~~ Datei(en) ~~~~~~

Gefunden : C:\AdwCleaner[S1].txt
Gefunden : C:\ComboFix.txt
Gefunden : C:\Users\Hans-Dieter\Desktop\adwcleaner.exe
Gefunden : C:\Users\Hans-Dieter\Desktop\AdwCleaner[S1].txt
Gefunden : C:\Users\Hans-Dieter\Desktop\ComboFix.exe
Gefunden : C:\Users\Hans-Dieter\Desktop\ComboFix.txt
Gefunden : C:\Users\Hans-Dieter\Desktop\Extras.Txt
Gefunden : C:\Users\Hans-Dieter\Desktop\JRT.txt
Gefunden : C:\Users\Hans-Dieter\Desktop\OTL.Txt
Gefunden : C:\Users\Hans-Dieter\Desktop\OTL.exe
Gefunden : C:\Users\Hans-Dieter\Desktop\SecurityCheck.exe
Gefunden : C:\Windows\grep.exe
Gefunden : C:\Windows\PEV.exe
Gefunden : C:\Windows\NIRCMD.exe
Gefunden : C:\Windows\MBR.exe
Gefunden : C:\Windows\SED.exe
Gefunden : C:\Windows\SWREG.exe
Gefunden : C:\Windows\SWSC.exe
Gefunden : C:\Windows\SWXCACLS.exe
Gefunden : C:\Windows\Zip.exe

~~~~~~ Registrierungsdatenbank ~~~~~~

Schlüssel gefunden : HKLM\SOFTWARE\OldTimer Tools
Schlüssel gefunden : HKLM\SOFTWARE\AdwCleaner
Schlüssel gefunden : HKLM\SOFTWARE\Swearware
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~~~~~~ Sonstiges ~~~~~~

*************************

DelFix[R1].txt - [1579 octets] - [12/11/2012 17:34:57]

########## EOF - C:\DelFix[R1].txt - [1703 octets] ##########
12.11.2012, 18:13 | #14 |
/// TB Instructor | Firefox automatically launches http://ad.adserverplus.com/ with an empty window

Servus,

on behalf of the team, thank you very much for the donation. If you have no more problems, we are done here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC.

Step 1
Your Java is no longer up to date. Older versions contain security vulnerabilities that can be abused by malware.

Step 2
Please uninstall your current version of Adobe Reader: Start --> Control Panel --> Software / Uninstall programs --> Adobe Reader, and download the new version from here. Remove the check mark for McAfee SecurityScan or Google Chrome.

Step 3
Please also check (regularly) whether the following links show missing updates for your plugins:

Step 4
Before the following action, please again temporarily disable your antivirus program, any script blocking, and anti-malware programs. Press Windows key + R. Now copy the following line into the command line and click OK.
Code:
Combofix /Uninstall
This removes Combofix completely and empties the System Restore cache, so that the malware disappears from it as well. Now re-enable the programs you just disabled.

Step 5

Step 6
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.

Anti-virus software

Additional protection

Safe browsing

Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.

Performance
Regularly clean up your temp files. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)

Don'ts

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |
13.11.2012, 08:53 | #15 |
| Firefox automatically launches http://ad.adserverplus.com/ with an empty window

Hello Matthias,

thanks to your help the problem now seems to be resolved. Below is the DelFix[S1].txt as well. Finally, a few remarks on the measures you recommended.

Steps 1 to 5 are completely clear. Regarding step 6, the following should be said: Of course I try to keep my system constantly up to date; Windows Update is a matter of course, and always having current versions of the browser (Firefox) and other software is clear as well. For the latter you recommend Secunia Online. Here an upgrade of relatively expensive programs such as Photoshop and Dreamweaver is recommended to me, although I assume that these older versions are also secure and that the newer versions essentially offer a greater range of functions. Is that correct?

For my FTP program Core FTP LE, Secunia asks me to contact support and send data (see attachment). After pressing the send button, nothing at all has happened for almost 30 minutes now. I will probably contact Secunia directly.

Among your most important pieces of advice is undoubtedly the warning about Softonic. In the past I almost always remembered to deselect the installation of unwanted software such as toolbars etc., but apparently not always.

So once again, many thanks for your efforts, and yours in particular. I also looked at your offer of training in your academy and would quite like to do it, but surely not at my age (67) any more. Continued success with your board!

Best regards
Masin

# AdwCleaner v6.2 - Datei am 12/11/2012 um 18:51:43 erstellt
# Aktualisiert am 11/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Hans-Dieter - HDS-NEU
# Ausgeführt unter : C:\Users\Hans-Dieter\Desktop\delfix.exe
# Option [Löschen]

~~~~~~ Ordner ~~~~~~
Gelöscht : C:\JRT
Gelöscht : C:\_OTL

~~~~~~ Datei(en) ~~~~~~
Gelöscht : C:\AdwCleaner[S1].txt
Gelöscht : C:\ComboFix.txt
Gelöscht : C:\Users\Hans-Dieter\Desktop\adwcleaner.exe
Gelöscht : C:\Users\Hans-Dieter\Desktop\AdwCleaner[S1].txt
Gelöscht : C:\Users\Hans-Dieter\Desktop\ComboFix.txt
Gelöscht : C:\Users\Hans-Dieter\Desktop\Extras.Txt
Gelöscht : C:\Users\Hans-Dieter\Desktop\JRT.txt
Gelöscht : C:\Users\Hans-Dieter\Desktop\OTL.Txt
Gelöscht : C:\Users\Hans-Dieter\Desktop\OTL.exe
Gelöscht : C:\Users\Hans-Dieter\Desktop\SecurityCheck.exe

~~~~~~ Registrierungsdatenbank ~~~~~~
Schlüssel gelöscht : HKLM\SOFTWARE\OldTimer Tools
Schlüssel gelöscht : HKLM\SOFTWARE\AdwCleaner
Schlüssel gelöscht : HKLM\SOFTWARE\Swearware

~~~~~~ Sonstiges ~~~~~~
-> Prefetch Geleert

*************************
DelFix[R1].txt - [1700 octets] - [12/11/2012 17:34:57]
DelFix[S1].txt - [1199 octets] - [12/11/2012 18:51:43]
########## EOF - C:\DelFix[S1].txt - [1323 octets] ##########

Edited by masin (13.11.2012 at 09:22) |