Pests of all kinds and how to fight them: WIN7 limited account not usable / supposed to pay 100€? (Windows 7) If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
29.04.2013, 19:52 | #16 |
/// TB-Ausbilder | WIN7 limited account not usable / supposed to pay 100€? Right, Combofix should now have dealt with this lock screen for good. Please create a new OTL log in the affected user account: please start OTL.exe.
__________________ cheers, Leo |
30.04.2013, 11:29 | #17 |
| WIN7 limited account not usable / supposed to pay 100€? Thanks; by the way, I have attached 2 screenshots: 1) During boot it reported a missing module... can I now expect this message every time, or can I get rid of it somehow? 2) When running OTL I had not switched off AVG AntiVirus, and it reported 2 detections; I clicked 'Remove'... Here is the first report: Code:
ATTFilter OTL logfile created on: 4/30/2013 12:17:03 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\******* Surf\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 11.98 Gb Total Physical Memory | 9.10 Gb Available Physical Memory | 75.93% Memory free 23.96 Gb Paging File | 20.88 Gb Available in Paging File | 87.14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 926.94 Gb Total Space | 789.29 Gb Free Space | 85.15% Space Free | Partition Type: NTFS Drive D: | 13.13 Gb Total Space | 1.62 Gb Free Space | 12.31% Space Free | Partition Type: NTFS Drive J: | 922.84 Gb Total Space | 807.86 Gb Free Space | 87.54% Space Free | Partition Type: NTFS Computer Name: *******-HP | User Name: ******* Neuer ******* | Logged in as *******istrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\******* Surf\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\******* Surf\AppData\Roaming\Traffic Travis v4\TrafficTravisV4.exe () PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries) PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Users\******* Surf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Brother\bratimer.exe () PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\XSManager\WTGService.exe () PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP) PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.) PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.) 
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\Philips ToUcam Camera\GameCam SE\Program\RFTray.exe () PRC - C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Users\******* Surf\AppData\Roaming\Traffic Travis v4\TrafficTravisV4.exe () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll () MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll () MOD - C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll () MOD - C:\Users\******* Surf\AppData\Roaming\Traffic Travis v4\libeay32.dll () MOD - C:\Users\******* Surf\AppData\Roaming\Traffic Travis v4\ssleay32.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\3D 
Vision\Nv3DVStreaming.dll () MOD - C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll () MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll () MOD - C:\Program Files (x86)\Philips ToUcam Camera\GameCam SE\Program\RFTrayRes.dll () MOD - C:\Program Files (x86)\Philips ToUcam Camera\GameCam SE\Program\RFTray.exe () MOD - C:\Program Files (x86)\Philips ToUcam Camera\GameCam SE\Program\RfDownload.dll () MOD - C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 2 SE\U32MISC.dll () MOD - C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 2 SE\u32Spy.dll () ========== Services (SafeList) ========== SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION) SRV:64bit: - (EpsonCustomerResearchParticipation) -- C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe (SEIKO EPSON CORPORATION) SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\STacSV64.exe (IDT, Inc.) 
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (Printer Control) -- C:\Windows\SysNative\PrintCtrl.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Garmin Core Update Service) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (BRA_Scheduler) -- C:\Program Files (x86)\Brother\bratimer.exe () SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.) 
SRV - (WTGService) -- C:\Program Files (x86)\XSManager\WTGService.exe () SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (CLKMSVC10_38F51D56) -- c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe (CyberLink) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) SRV - (DATEV Update-Service) -- J:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe (DATEV eG) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (DymoPnpService) -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (cmntnet) -- C:\Windows\SysNative\drivers\cmntnet.sys (Wireless Data Device) DRV:64bit: - (cmnuusbser) -- C:\Windows\SysNative\drivers\cmnuusbser.sys (Wireless Device) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.) 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (tixhci) -- C:\Windows\SysNative\drivers\tixhci.sys (Texas Instruments Incorporated) DRV:64bit: - (tihub3) -- C:\Windows\SysNative\drivers\tihub3.sys (Texas Instruments Incorporated) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.) DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) 
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{136E043D-39D8-4884-88F7-B47A3B070908}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKLM\..\SearchScopes\{136E043D-39D8-4884-88F7-B47A3B070908}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE 
- HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=394286201&q={searchTerms} IE - HKCU\..\SearchScopes\{1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\..\SearchScopes\{136E043D-39D8-4884-88F7-B47A3B070908}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: "false" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: 
C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/19 16:33:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/19 16:33:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/12 17:53:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/12 17:53:33 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/29 19:04:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******* Neuer *******\AppData\Roaming\mozilla\Extensions [2013/04/29 17:28:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******* Neuer *******\AppData\Roaming\mozilla\Firefox\Profiles\qxs2ikp0.default\extensions [2013/03/09 15:10:47 | 000,001,609 | ---- | M] () -- C:\Users\******* Neuer *******\AppData\Roaming\mozilla\firefox\profiles\qxs2ikp0.default\searchplugins\ChatZumSearch.xml [2013/04/29 11:39:58 | 000,001,058 | ---- | M] () -- C:\Users\******* Neuer *******\AppData\Roaming\mozilla\firefox\profiles\qxs2ikp0.default\searchplugins\utorrentbarde-customized-web-search.xml [2013/04/30 12:10:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/11/05 12:31:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla 
firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013/04/30 12:10:52 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\mozilla firefox\extensions\websitelogon@truesuite.com [2012/12/03 12:01:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\extensions [2012/12/03 12:01:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012/12/03 12:01:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012/12/03 12:01:09 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\websitelogon@truesuite.com [2012/11/05 12:31:52 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/04/21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/09/12 16:59:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/04/21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/04/21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/04/21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/04/21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013/04/29 18:16:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found O2:64bit: - BHO: (Java(tm) Plug-In SSV 
Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) O2 - BHO: (IEHlprObj Class) - {DA5A2A9E-DF07-4a8e-B423-BC5CD4D1880C} - C:\Program Files\WebBoomerang\IEHelper.dll () O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard ) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) 
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [PrintDisp] C:\Windows\SysNative\PrintDisp.exe (ActMask Co.,Ltd - hxxp://www.all2pdf.com) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [PE2CKFNT SE] C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe () O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\real\realplayer\update\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare) O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHQE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Photo PX730" File not found O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehavior******* = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\VideoGet\VideoGet\Plugins\VIDEOG~2.DLL () O9:64bit: - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - 
C:\PROGRA~2\VideoGet\VideoGet\Plugins\VIDEOG~2.DLL () O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\VideoGet\VideoGet\Plugins\VIDEOG~1.DLL () O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\VideoGet\VideoGet\Plugins\VIDEOG~1.DLL () O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DC02DD9-EAAF-4808-9CC8-A515805F5335}: DhcpNameServer = 212.23.115.132 212.23.115.148 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D955C847-13C9-4AE2-A9D9-B6218CB8759A}: DhcpNameServer = 10.74.210.210 10.74.210.211 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F40FCA03-8D20-441F-BCF5-08EF17DC8385}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - 
Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/04/30 01:40:05 | 000,000,000 | ---D | C] -- C:\FRST [2013/04/29 18:40:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/04/29 18:30:25 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/04/29 18:03:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/04/29 18:03:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/04/29 18:03:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/04/29 17:53:21 | 000,000,000 | ---D | C] 
-- C:\Users\******* Neuer *******\AppData\Local\CrashDumps [2013/04/29 17:51:56 | 000,000,000 | ---D | C] -- C:\Users\******* Neuer *******\AppData\Local\Diagnostics [2013/04/29 17:43:39 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/04/29 17:43:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/04/29 12:26:53 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013/04/29 12:21:13 | 000,000,000 | ---D | C] -- C:\Users\******* Neuer *******\AppData\Local\AuthenTec [2013/04/29 12:20:36 | 000,000,000 | ---D | C] -- C:\Users\******* Neuer *******\AppData\Roaming\Symantec [2013/04/29 11:53:01 | 000,000,000 | ---D | C] -- C:\Users\******* Neuer *******\AppData\Roaming\vlc [2013/04/29 11:31:56 | 000,000,000 | ---D | C] -- C:\Users\******* Neuer *******\AppData\Local\Scansoft [2013/04/29 10:07:33 | 000,000,000 | R--D | C] -- C:\Users\******* Neuer *******\AppData\Roaming\Brother [2013/04/21 15:17:09 | 000,000,000 | R--D | C] -- C:\*******s iPod [2013/04/12 23:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother [2013/04/12 23:19:22 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\Windows\SysWow64\BRCrypt.dll [2013/04/12 23:19:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx [2013/04/12 23:19:21 | 000,255,488 | ---- | C] (brother) -- C:\Windows\SysNative\NSSRH64.dll [2013/04/12 23:19:21 | 000,179,712 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrfxDA5b.dll [2013/04/12 23:19:21 | 000,167,936 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll [2013/04/12 23:19:21 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- C:\Windows\SysWow64\BrMfNt.dll [2013/04/12 23:19:21 | 000,083,968 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrNetSti.dll [2013/04/12 23:19:21 | 000,059,392 | ---- | C] (Brother Industries,Ltd.) 
-- C:\Windows\SysNative\BrWiaNCp.dll [2013/04/12 23:19:21 | 000,048,640 | ---- | C] (Brother Industries,Ltd) -- C:\Windows\SysNative\Brnsplg.dll [2013/04/12 23:19:12 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll [2013/04/12 23:16:23 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll [2013/04/12 23:16:23 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll [2013/04/12 23:16:21 | 001,560,576 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWi209c.dll [2013/04/12 23:16:20 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BROSNMP.DLL [2013/04/12 23:16:20 | 000,103,736 | ---- | C] (Brother Industries Ltd) -- C:\Windows\SysWow64\BRRBTOOL.EXE [2013/04/12 23:16:20 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BRLMW03A.DLL [2013/04/12 23:16:20 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\SysWow64\BRLM03A.DLL [2013/04/12 23:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance [2013/04/12 23:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2013/04/12 23:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft PaperPort 11 [2013/04/12 23:12:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared [2013/04/12 23:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft [2013/04/12 23:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScanSoft [2013/04/12 23:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother [2013/04/10 19:00:48 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/04/10 19:00:48 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/04/10 19:00:47 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/04/10 19:00:47 | 000,136,704 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/04/10 19:00:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/04/10 19:00:47 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013/04/10 19:00:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/04/10 19:00:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/04/10 19:00:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/04/10 19:00:47 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/04/10 19:00:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/04/10 19:00:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/04/10 19:00:45 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/04/10 19:00:45 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/04/10 19:00:45 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/04/10 14:42:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun [2013/04/10 11:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.0 [2013/04/10 11:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 4.0 [2013/04/10 10:59:48 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013/04/10 10:59:47 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013/04/10 10:59:47 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013/04/10 10:59:47 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013/04/10 10:59:47 | 000,044,032 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013/04/10 10:59:47 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013/04/10 10:59:37 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/04/10 10:59:37 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/04/10 10:59:37 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/04/10 10:59:37 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013/04/10 10:59:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013/04/10 10:59:37 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013/04/08 11:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013/04/04 10:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Garmin [2013/04/04 10:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache ========== Files - Modified Within 30 Days ========== [2013/04/30 12:18:05 | 000,030,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/04/30 12:18:05 | 000,030,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/04/30 12:10:53 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/04/30 12:10:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/04/30 12:10:29 | 1058,267,134 | -HS- | M] () -- C:\hiberfil.sys [2013/04/29 21:04:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/04/29 20:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/04/29 18:16:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/04/29 17:30:30 | 
000,002,632 | ---- | M] () -- C:\ProgramData\z6dzb8.js [2013/04/29 17:28:11 | 000,000,159 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013/04/29 14:19:12 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml [2013/04/29 14:19:12 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2013/04/29 14:03:08 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/04/29 14:03:08 | 000,698,514 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/04/29 14:03:08 | 000,652,496 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/04/29 14:03:08 | 000,148,570 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/04/29 14:03:08 | 000,121,428 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/04/29 11:27:51 | 000,000,152 | ---- | M] () -- C:\ProgramData\z6dzb8.reg [2013/04/21 14:43:39 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2013/04/15 12:21:49 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/04/15 12:21:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/04/12 23:24:01 | 005,060,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/04/12 23:20:27 | 000,000,256 | ---- | M] () -- C:\Windows\Brpfx04a.ini [2013/04/12 23:20:27 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini [2013/04/12 23:19:22 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini [2013/04/12 23:19:22 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\BD9320CW.DAT [2013/04/12 21:07:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf [2013/04/12 12:47:55 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/04/10 11:21:06 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.0.lnk [2013/04/08 11:44:53 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013/04/04 16:55:02 | 000,002,301 | ---- | M] () -- 
C:\Users\Public\Desktop\Steuer-Spar- Erklärung Selbstständige 2013.lnk [2013/04/04 10:41:25 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Express.lnk ========== Files Created - No Company Name ========== [2013/04/29 18:03:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/04/29 18:03:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/04/29 18:03:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/04/29 18:03:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/04/29 18:03:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/04/29 17:30:30 | 000,002,632 | ---- | C] () -- C:\ProgramData\z6dzb8.js [2013/04/29 17:28:00 | 000,000,159 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013/04/29 11:27:51 | 000,000,152 | ---- | C] () -- C:\ProgramData\z6dzb8.reg [2013/04/12 23:20:27 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2013/04/12 23:20:27 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2013/04/12 23:20:00 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2013/04/12 23:19:22 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\BD9320CW.DAT [2013/04/12 23:19:21 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\BrSNMP64.dll [2013/04/12 23:19:21 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2013/04/12 23:19:21 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2013/04/12 23:19:21 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2013/04/12 23:16:20 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2013/04/12 23:16:19 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\BRADC08A.DAT [2013/04/12 23:16:16 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2013/04/12 23:13:15 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2013/04/12 21:07:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf [2013/04/10 11:21:06 | 000,001,096 | ---- | C] () -- 
C:\Users\Public\Desktop\LibreOffice 4.0.lnk [2013/04/04 10:41:25 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Garmin Express.lnk [2013/03/20 23:35:45 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ZLIB.DLL [2013/02/14 17:50:08 | 000,003,822 | ---- | C] () -- C:\Users\******* Neuer *******\AppData\Local\recently-used.xbel [2012/10/30 18:20:06 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012/10/29 18:32:59 | 000,000,680 | RHS- | C] () -- C:\Users\******* Neuer *******\ntuser.pol [2012/09/05 11:09:40 | 001,391,616 | ---- | C] () -- C:\Windows\SysWow64\ActPDF.dll [2012/08/20 22:46:42 | 000,000,434 | ---- | C] () -- C:\Windows\ULEAD32.INI [2012/05/30 18:03:20 | 000,397,312 | ---- | C] () -- C:\Windows\iwexec.exe [2012/05/30 18:03:14 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\Lffpx90n.dll [2012/04/27 10:21:52 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe [2012/04/25 10:01:19 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2012/04/25 07:45:37 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI [2012/04/25 07:45:13 | 000,000,108 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI [2012/04/25 07:42:33 | 000,000,109 | ---- | C] () -- C:\Windows\Startup.INI [2012/04/25 07:32:48 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011/11/24 05:16:18 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011 [2011/11/24 05:08:24 | 000,000,196 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2011/06/21 10:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2011/05/13 10:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2011/05/13 10:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll [2011/05/13 10:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll [2011/05/13 10:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll ========== ZeroAccess Check ========== [2009/07/14 
06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
Edited by hardyxy9 (30.04.2013 at 11:36) |
30.04.2013, 11:31 | #18 |
| Code:
ATTFilter OTL Extras logfile created on: 4/30/2013 12:17:03 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\******* Surf\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 11.98 Gb Total Physical Memory | 9.10 Gb Available Physical Memory | 75.93% Memory free 23.96 Gb Paging File | 20.88 Gb Available in Paging File | 87.14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 926.94 Gb Total Space | 789.29 Gb Free Space | 85.15% Space Free | Partition Type: NTFS Drive D: | 13.13 Gb Total Space | 1.62 Gb Free Space | 12.31% Space Free | Partition Type: NTFS Drive J: | 922.84 Gb Total Space | 807.86 Gb Free Space | 87.54% Space Free | Partition Type: NTFS Computer Name: *******-HP | User Name: ******* Neuer ******* | Logged in as *******istrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B8509CC-37F7-46CE-99F3-00CE22CCBDD6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0F0A6D58-9D04-4D69-9AB0-DB0A7D63AC0D}" = rport=445 | protocol=6 | dir=out | app=system | "{117B1C2E-90E2-4D5D-92F5-75412DDF6786}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{16D7A1EE-07BF-486D-914A-AB99734C68A7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1C371BC2-4EE7-4068-8887-F9128D9BD866}" = lport=445 | protocol=6 | dir=in | app=system | "{20EC722F-B7B1-4E3C-8B0F-0FACCFAD2BB8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{2E7A4B1B-EB8F-42F6-8937-071D4BED4572}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{35FC5BF6-3F2C-4969-8090-BD270F29455E}" = rport=10243 | protocol=6 | dir=out | app=system | "{3B287044-C682-4621-A0D9-061FA227F634}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{4463D467-511B-43D0-B0B2-6422210ADF3B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{5B82E96C-2BA0-4D07-9F2F-9A72BDF63FFA}" = rport=137 | protocol=17 | dir=out | app=system | "{609F0025-4603-4C5E-BC3C-76E299FE845E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{65B8B436-ACC7-467E-B44B-EA9D65DAE13C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{72257A86-B1B6-4E7D-AA88-69C028216C1E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72328FD2-FE86-47A8-A4A1-E96CA677FC09}" = lport=138 | protocol=17 | dir=in | app=system |
"{75569B86-9E02-4128-BD47-22A22DC1F5BE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B2DD580-1EDC-45D5-885E-CFB38CFFAEF3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B78891F-013C-4DBE-8187-DE05D59EF60C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8B3215BA-1421-4155-ABD1-178007F5F538}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8EF23A43-620E-4E42-99D7-C0CF2ACB6B5C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{91CAC85B-271C-47C7-B4AD-F718BBCCDFF3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{978405B5-9227-4D21-88F1-C5AA743152DE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{982DD31A-1EBC-4A8A-A568-2749EA0319AA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A006B7C8-790C-4EF8-A72C-BDD5BFBD8B96}" = lport=139 | protocol=6 | dir=in | app=system |
"{A46AE90C-0C80-46AF-BDC9-7E8EA1612B25}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A9978CD6-1788-4D96-B013-FE0CEC32656E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AA066438-AD75-4D5A-B264-AD391EEE6F4A}" = rport=139 | protocol=6 | dir=out | app=system |
"{B877C8E9-48FA-47D6-A10D-457A1CE416D6}" = rport=138 | protocol=17 | dir=out | app=system |
"{CA75F088-0937-48D5-B077-691104C5864A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D4D97E95-BA51-4063-97D0-BA224E03ADCE}" = lport=137 | protocol=17 | dir=in | app=system |
"{D5F78378-563B-4CD1-A6F1-178A134F1AE4}" = lport=58432 | protocol=6 | dir=in | app=j:\datev\programm\sws\limaservice.exe |
"{D8AF3C27-9DD2-434E-95AA-B9076E3A00B5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DA7128E2-0422-4E52-BBFD-1CF9912FEF01}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DB3515F8-40AE-41C3-AB7D-B73C325B5482}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F7C4B358-75D6-4184-9A87-88A87CD7DAB5}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A91278B-0D81-44DA-BA6C-4B6717B64CF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0FC6C419-276A-45DF-8ADA-639ACDF52D4C}" = protocol=17 | dir=in | app=c:\program files (x86)\expressdownloader\expressdownloader.exe |
"{11C07882-8D19-4774-B0F1-61A2183A2BF2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{1AFBA0E4-9A51-4651-ADD3-4185E7EF6211}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1E4E70AC-66C5-4CB8-B305-2BB9D8421D44}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{22580837-401A-409D-8337-2091595F0D2B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{289540C5-635D-426A-93C1-237233AE0416}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{2BD6B288-0CD5-4EBD-9680-5F30FDA3765A}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\auditorserver.exe |
"{2BE0329F-91E3-4854-81C3-6C33BF042298}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2E3A176E-D033-493B-8AE8-9B6942479791}" = protocol=6 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe |
"{2E9DD156-4181-4F7F-91DD-3A0174630821}" = protocol=6 | dir=in | app=c:\program files (x86)\expressdownloader\expressdl.exe |
"{32407DCE-478F-431A-99E8-9F4C9248FF8B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{36E6D74B-7376-42C4-AF71-99EA6F0B0982}" = protocol=6 | dir=in | app=c:\users\******* surf\appdata\roaming\dropbox\bin\dropbox.exe |
"{37369233-611D-4B4F-B927-43FB793CAFAC}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{39CEB60E-73A5-479D-97C0-971E47D6F3A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A155A3A-06B7-4AA2-AB41-D96B60122C9B}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl08j\faxrx.exe |
"{3B55F349-9B90-496A-AF5A-3EC6941CF347}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{3FD8FEC9-6BE4-40EC-950D-F72C34AF6D5E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{421B0D4D-0209-48B5-8158-1DC184922F4E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{4349F59A-3480-4B2A-83B5-A7A8F6195814}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{45C15BEF-5F85-40C9-BF00-35C7362FAC8C}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\discover.exe |
"{45DCEAB4-B93B-4C58-B530-CB14F45F2B82}" = protocol=6 | dir=in | app=c:\program files (x86)\expressdownloader\expressdownloader.exe |
"{4692BB66-283E-471D-9ABF-C723D51118BB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{480A7F3D-0768-4645-8B89-46224C080785}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"{481C5440-0F25-4EBB-B331-B1952759AD79}" = protocol=6 | dir=out | app=system |
"{48798660-A2BD-4953-A2C5-B5F6CCED504E}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl08j\faxrx.exe |
"{504F9F63-8E3A-4A9B-B95A-B94F854B93AD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{5AA17E94-4CF3-41CC-90FC-24FD734E2F90}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5C98B513-C8E6-4A5C-A050-97292FFFD404}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{5CFAB63B-77A6-43FD-AAE2-CEC08A92E0A3}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{5D3924E9-F457-4DBE-B63A-81B2E88E5D1D}" = protocol=17 | dir=in | app=c:\program files (x86)\expressdownloader\expressdl.exe |
"{5EAF8DF2-3322-4C09-B8CE-8A1265244B7F}" = protocol=17 | dir=in | app=c:\users\*******\appdata\roaming\dropbox\bin\dropbox.exe |
"{619CE385-3478-4BCD-98D8-C4ABE8A509DB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{655A91B7-3A3E-4AA2-A004-936A90DC92BD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{683F3B46-30D2-4F6F-99C0-87CA017D6452}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{6A2CC0F6-CBDE-40CB-B7AF-6C1F36C718C6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{6A35EBD1-04AB-48A0-8742-AF4BA9D007DD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6BBC6A2A-E907-4FB6-8145-C6FCECC1C92F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6C2C26FB-7C41-4549-941E-28255564FBFA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{70FE9265-FEC5-4E27-BB87-47874E9BE547}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{73F257DE-92B3-4936-B905-624488A6531F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{785B1033-82C9-4550-BDED-5CCD98BCCAFF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{79B09C43-3FDF-4E1C-817B-2B1162D3FB7E}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\br*******v3.exe |
"{79FBD4DE-9A2F-4888-99FC-9F27763BDE51}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{841E6940-5771-4802-8E01-7D28D979D727}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{8603C3F9-DDBE-45F4-A937-11995E17A343}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{87F5BA3D-B62D-4B65-AB6C-F274831ED282}" = protocol=6 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe |
"{89E1A2D3-CE96-406D-946D-310592523755}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{8A1802E4-A34D-46C3-BB36-8454048E449F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{8E06D89B-4BC2-4C99-AF6B-6E14D0A8E448}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8FA5EB97-D739-4047-8763-A6971DFAF594}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{93A66CDB-BAF5-4E28-9F6E-6D508E668CD3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{94C2D0D8-9549-4567-9C7F-F274600E33AA}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{99C02660-B41A-4B7B-9428-F931AE336D0C}" = protocol=17 | dir=in | app=c:\users\******* surf\appdata\roaming\dropbox\bin\dropbox.exe |
"{9D1683DD-2380-4715-8BE6-12E4E4350383}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{A3D247C0-832D-4F22-B3A1-3ED680EA3E9A}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe |
"{AA339657-6618-468D-B1C8-A72B730E875C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{ACAA6ED7-BDBF-4897-975C-1FFE6EC2E8DE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B0D18616-0620-419F-A92D-6E90C65911F9}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\auditorserver.exe |
"{B3817A9C-4FD0-423F-BAB9-C74D574DA2FF}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{B3EDE312-82C2-4C93-9AB0-A8F634B29C42}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{BB0DFBDB-D88C-472C-8C76-300E0458DEBD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BCFEBE79-EF42-41C7-9878-A8C71933EDFB}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{BDBF56E7-90E0-4798-B0A3-C1D1E48E8DB2}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\br*******v3.exe |
"{BF240AD5-9BC7-4D8D-8868-4F291C62C3F6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{BF7F13D3-0330-4383-86C2-5F6045AA5AE7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C2D58F4D-43EE-4AC0-A520-DB1FB9C475CB}" = protocol=17 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe |
"{C5AAEC65-19F4-4694-8025-E7C90ABA4A61}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CF8DE5FD-A7E2-4180-A337-6935F50A7122}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D3050424-332A-4503-830B-D6DD3AB8408B}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{D6F205DB-1175-4E5A-8513-D4840F6FCB0F}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"{DC117A26-B81D-464A-970B-0B9B0B258CDB}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"{DD121E53-B435-489E-A6A4-47886BB40C5F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DFDC31A1-EB10-4F43-A0AF-5A36BE4361DB}" = protocol=6 | dir=in | app=c:\users\*******\appdata\roaming\dropbox\bin\dropbox.exe |
"{E2D06C98-53EC-483B-B07D-515A730E2FD0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{E7841BC7-4320-4717-BC30-E8DBC72DFE10}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E7D9E46B-46F9-4299-A013-072598001DBB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{E8B80477-5BF5-4900-8256-ABD11EE96FA0}" = protocol=17 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe |
"{F1A064A1-217F-4981-BC08-7AA7318590D4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F328C25E-5B6A-46D1-956C-97D3B43188F4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{F58DAA6F-5057-46DA-934E-19A9BA9F4837}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{F992315F-3826-42B4-883C-42F743FC4AC8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FB835BEE-CCD6-4D33-A415-D3F59A47CD63}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FB90A9FC-0538-49C1-B0CE-8444EC9D6EC8}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{FBDCAABB-1119-4A0B-BE5C-E879CDE65CD1}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\discover.exe |
"{FCE50A0A-820A-4C56-BEEB-16EBAFCDB17D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{072E630F-CC08-472A-99FC-C2240EACE6DB}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{3558707B-C647-4A97-A69B-36D5093F6520}C:\users\*******\appdata\roaming\icq\application\icq7m\icq.exe" = protocol=6 | dir=in | app=c:\users\*******\appdata\roaming\icq\application\icq7m\icq.exe |
"TCP Query User{45A39CF0-FF63-4EF0-A67D-73C8CCEDAFC7}C:\users\******* surf\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\******* surf\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{46B383E5-6292-456B-8DFF-3534E2A516D5}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{533A37B6-CEBA-4B10-A3C6-D7A06220313F}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{7A290094-2ACE-494A-B926-FC765AD38A5C}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"TCP Query User{83DAD32A-66FF-4D6D-9F9E-C7CB179DA55F}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{B07358DB-BE45-4BAB-94A3-9A220C7BA28B}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{BC044F70-CC40-4ACD-84A8-9C1CAFA17D73}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{C0AC2A38-0FF8-445A-8613-7266913C3301}C:\users\******* surf\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\******* surf\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{CCD3AADA-CB78-4243-80A4-46F46D76C80C}C:\users\******* surf\appdata\roaming\ifiqg\qyut.exe" = protocol=6 | dir=in | app=c:\users\******* surf\appdata\roaming\ifiqg\qyut.exe |
"TCP Query User{E48BAAFD-7234-402C-9B83-85C796935899}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{ECAF0A28-F2AC-48BF-98D8-83E0551332C4}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"TCP Query User{FF3DC86B-A4A9-44C4-9416-0EE7977DCAB9}C:\users\*******\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\*******\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{3D662827-3EB8-4E98-9456-1A1F77626E98}C:\users\******* surf\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\******* surf\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{3E3DE64F-7561-4039-961E-2BA7FF638C1A}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"UDP Query User{43BCA85F-6B93-44E2-9F95-AF2336FBBBA0}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{4D4B8652-97B9-42FD-81AC-D19A2A10A713}C:\users\*******\appdata\roaming\icq\application\icq7m\icq.exe" = protocol=17 | dir=in | app=c:\users\*******\appdata\roaming\icq\application\icq7m\icq.exe |
"UDP Query User{58DD2C0E-DD88-426C-A292-97D5D9190C04}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{770F6E20-97EF-42B3-94BA-2AEB5A1B57D2}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{7D1791C4-20C4-4077-8A9F-5094E43C8354}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{7F837ED5-3106-46D6-BE9A-9ECCD893417E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{AFCD705A-18B9-40F4-A58B-A0451AE2054E}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{B160DC47-D4F9-4A2E-AE17-6F1366B336C4}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{C9006E0A-A2AE-4569-A9B3-54A7A1A0DF0C}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"UDP Query User{CC3C6E82-6893-48A2-B627-F87A540D3F96}C:\users\******* surf\appdata\roaming\ifiqg\qyut.exe" = protocol=17 | dir=in | app=c:\users\******* surf\appdata\roaming\ifiqg\qyut.exe |
"UDP Query User{D2D88B72-3963-4EDE-9799-F3D09786B30B}C:\users\*******\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\*******\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{EFFE1277-B954-413F-9BE9-FFD5637620B1}C:\users\******* surf\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\******* surf\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E3CA1C4-1E90-401B-8CC0-911DF018D8D8}" = AllWebMenus PRO 5.3.908
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FD80311-508F-42C3-A004-4CC8D08231F5}" = AVG 2013
"{550331CC-C34B-494F-BCDA-37CE4EF6E924}" = Garmin Communicator Plugin x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{AD27BE4B-A261-4F0A-AB5A-476C83EDAED2}" = AVG 2013
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B26449A6-6007-4460-B4FE-C4776115BCEA}" = Epson Customer Research Participation
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 267.95
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{C91B24F6-1629-11E2-B696-21676188709B}" = PDF Split And Merge Basic
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Artensoft Photo Collage Maker_is1" = Artensoft Photo Collage Maker
"AVG" = AVG 2013
"EPSON PX730 Series" = Druckerdeinstallation für EPSON PX730 Series
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Retouch Pilot Free_is1" = Retouch Pilot Free 3.5.3
"WinRAR archiver" = WinRAR 4.11 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00FF4EB6-6AAC-4E9D-A60A-8F388691BB27}" = HP SimplePass PE 2011
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09764316-ABC4-4469-AD5B-D3EACE45EE3D}" = Drivers For Free
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1062AD6C-80F4-4BC6-AB7C-A28892B497B8}" = LibreOffice 4.0.2.2
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1C41FC6B-00C9-11D4-8EB7-00500462F5BA}" = Reality Fusion VBall
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{229A9797-2EE6-4B96-9CEC-3E4710F611E0}" = Lexware Abschreibungsrechner
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30AB2FCD-FBF2-4bed-4444-13E6A1468621}_is1" = Ann Video Converter 4.5.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34681D92-5958-406A-A654-1B57E7A7B3DC}" = HP Support Assistant
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41102DB9-776E-40FA-9085-4554C93A3719}" = Lexware Elster
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4451CEE8-8904-44B4-BADD-90878F269063}" = Lexware büro easy 2011
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C5D19EF-994D-8913-F5E0-C798380792AE}" = Market Samurai
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{515B238D-5EDC-4D9F-BA3E-66470D6FDDF7}" = PowerArchiver 2012
"{524CA1A3-FA5E-11D3-8EB7-00500462F5BA}" = Reality Fusion GameCam SE
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BC4DC1E-3798-4CF4-9088-A6864DFAE1B2}" = Lexware online banking
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{75C885D4-C758-4896-A3B4-90DA34B44C31}" = BR******* Professional 3
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C0CB7FD-BC33-4979-9B18-8089831C2513}" = EverDesk Google Edition
"{7DA64485-2CEE-4F7B-84AB-B287236703B6}" = HERMA Label Designer plus 1.1
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update Service
"{8A0947D0-A565-4694-85FB-F47049D8CD66}_is1" = Aiseesoft iTunes Backup Genius 2.1.2
"{8A158B7D-A6E3-49B6-8702-A6A10CCC6323}" = Garmin POI Loader
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EBB8452-274B-465D-8324-00B0832FBB02}" = SoftMaker Office Professional 2012
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91F8441B-E7A7-4513-9D7C-080B643D2FD6}_is1" = PresentationTube Recorder 1.0
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93337CC5-9BC4-4FB0-B82E-38EC63E149F3}_is1" = Leawo iTransfer version 1.4.0.1106
"{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1BBEE16-49B1-42F2-95B8-54C8C6A1C0C3}" = Brother MFL-Pro Suite MFC-9320CW
"{A4D00E12-F45D-4D43-8B10-0DDD83E8224D}" = Steuer-Spar-Erklärung Selbstständige 2013
"{A6DB62F9-ECEE-4716-B56B-D18673113AF6}" = Adobe CreatePDF Desktop Printer
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0194539-8118-4FD7-8ABA-912B2D479B48}" = Ulead Photo Explorer 6.0
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}" = Garmin POI Loader
"{DB3147AB-4024-4773-8EC0-A1FE5B44933D}" = HP LinkUp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E443A61D-26C7-43AA-A2C1-36CAE266B883}" = eM Client
"{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE) "{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5 "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FD071DBA-2994-4350-93BB-EC245D0D3C74}_is1" = iResizer 2.1 "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FFF841F3-9A15-4F61-BD16-C19F132E5A27}" = Epson Easy Photo Print 2 "7-Zip" = 7-Zip 9.20 "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "Around the World in 80 Days_is1" = Around the World in 80 Days "Audacity_is1" = Audacity 2.0.2 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8 "Camfrog 6.3" = Camfrog Video Chat 6.3 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CleverPrint_is1" = CleverPrint "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DATEVB00000482.0" = DATEV Installation V.2.8 "Digimarc MediaBridge Reader" = Digimarc MediaBridge Reader "DYMO Label v.8" = DYMO Label v.8 "EasyBits Magic Desktop" = Magic Desktop "EPSON PX730 Series Netg" = Netzwerkhandbuch EPSON PX730 Series "EPSON PX730 Series Useg" = Benutzerhandbuch EPSON PX730 Series "EPSON Scanner" = EPSON Scan "ESET Online Scanner" = ESET Online Scanner v3 "EverDesk Google Edition" = EverDesk Google Edition "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "ffdshow_is1" = ffdshow v1.2.4422 
[2012-04-09] "FileStream Web Boomerang" = FileStream Web Boomerang "FlipBook Maker_is1" = FlipBook Maker 3.6.3 "Flow Architect Studio 3D" = Pixelplan - Flow Architect Studio 3D "Free Video Converter_is1" = Free Video Converter V 3.1 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320 "Google Chrome" = Google Chrome "GPL Ghostscript 9.05" = GPL Ghostscript "HaaliMkx" = Haali Media Splitter "Inkscape" = Inkscape 0.48.4 "InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5 "IrfanView" = IrfanView (remove only) "Light Developer_is1" = Light Developer v7.1, build 12452 "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai "Mobile Partner" = Mobile Partner "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "PageCam3UnInstall" = PageCam 3.1 "PatchBeam" = PatchBeam "PDF Blender" = PDF Blender "PhotoMagic_is1" = PhotoMagic 1.0.0.0 "PhotoScape" = PhotoScape "Pixelplan O4C Viewer Web" = Pixelplan - Pixelplan O4C Viewer Web "PowerArchiver 2012 13.01.04" = PowerArchiver 2012 "RealPlayer 16.0" = RealPlayer "Traffic Travis 4.1 Setup Wizard_is1" = Traffic Travis 4.1.0 "TuneUp Utilities 2013" = TuneUp Utilities 2013 "Ulead Photo Express 2.0 SE" = Ulead Photo Express 2.0 SE "uTorrent" = µTorrent "VideoGet_is1" = Nuclear Coffee - VideoGet "VideoLink Mail" = VideoLink Mail "VIP Access SDK" = VIP Access SDK (1.0.1.4) "VLC media player" = VLC media player 2.0.1 "Webocton - 
Scriptly_is1" = Webocton - Scriptly 0.8.95.6 "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite" = Windows Live Essentials "Wondershare DVD Creator_is1" = Wondershare DVD Creator(Build 2.6.5) "WPClipper_is1" = wpclipper-9.0 "WTA-0c4da2a4-127e-4981-8792-6f0336cc0265" = Virtual Villagers - The Secret City "WTA-13275dd6-2efd-4948-b91b-4d5a3b3baf82" = Vacation Quest - The Hawaiian Islands "WTA-142c8a84-58f6-48b7-96be-8da00c7ff024" = Jewel Quest Solitaire "WTA-1daa3e6a-499f-4e4b-b94a-8aa3ba13dba8" = Plants vs. Zombies - Game of the Year "WTA-235577f2-d693-4acc-88ba-2d6a18ddd604" = Farm Frenzy "WTA-302b780a-01ae-400a-ad48-905811d34e7b" = Slingo Deluxe "WTA-43ebcc01-799e-4741-af77-aed5dac5187c" = Chuzzle Deluxe "WTA-4fe1ba36-6ba0-4275-9f24-6d7e63256943" = Penguins! "WTA-52431ca9-7dba-41a0-866b-11d571c8ff5f" = Cake Mania "WTA-57b36382-4aac-4aac-8a21-b6232e02c186" = Namco All-Stars: PAC-MAN "WTA-597c9fff-5014-4758-9055-7a0bb5c0b19a" = FATE "WTA-6852dfd1-6493-4a40-8351-88b02ec8fa4f" = Jewel Quest: The Sleepless Star - Collector's Edition "WTA-863e423d-2ac9-46c4-a14f-ab9629ea5e69" = Mah Jong Medley "WTA-921809fe-ce1a-408d-9f4e-86094fb0bc49" = Bounce Symphony "WTA-92eb1cd5-48a2-44bb-b801-c700542979f1" = Bejeweled 3 "WTA-aea39541-275c-462a-ab88-d266bda3bb9a" = Blasterball 3 "WTA-b068a0cf-5e2d-4afa-893a-7ec15e846550" = Agatha Christie - Peril at End House "WTA-b367d5b1-f99e-428c-a071-14cedc3d6587" = Polar Bowler "WTA-c28db2a8-8ed0-4bbd-884c-c64674a16096" = Cradle of Rome 2 "WTA-cbab492f-9a2f-490b-a83b-2f89683459b5" = Mystery of Mortlake Mansion "WTA-cbfd3959-4865-430b-81df-82e99b88fdc3" = Zuma Deluxe "WTA-d5456a57-e623-49af-8dab-59f5a847d775" = Governor of Poker 2 Premium Edition "WTA-f4f3aa1c-17de-48f9-b3ec-bfaa12a08314" = Chronicles of Albian "XSManager" = XSManager "ZinioReader4" = Zinio Reader 4 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== 
[ Application Events ] Error - 3/25/2013 10:09:18 AM | Computer Name = *******-HP | Source = MsiInstaller | ID = 11730 Description = Error - 3/25/2013 1:13:48 PM | Computer Name = *******-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: bratimer.exe, Version: 0.0.0.0, Zeitstempel: 0x50c6862f Name des fehlerhaften Moduls: bratimer.exe, Version: 0.0.0.0, Zeitstempel: 0x50c6862f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002624 ID des fehlerhaften Prozesses: 0xf54 Startzeit der fehlerhaften Anwendung: 0x01ce2949cdf06060 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Brother\bratimer.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Brother\bratimer.exe Berichtskennung: 5b330c2c-956f-11e2-800d-386077677cb6 Error - 3/28/2013 7:43:50 AM | Computer Name = *******-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290 Name des fehlerhaften Moduls: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0001280a ID des fehlerhaften Prozesses: 0x38c Startzeit der fehlerhaften Anwendung: 0x01ce2ba97b13e79d Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe Berichtskennung: c1d0cb4d-979c-11e2-bbb7-386077677cb6 Error - 3/29/2013 8:36:32 AM | Computer Name = *******-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290 Name des fehlerhaften Moduls: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0001280a ID des fehlerhaften Prozesses: 0x304 Startzeit der fehlerhaften Anwendung: 0x01ce2c7a00ba1d47 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\HP SimplePass 
2011\TrueSuiteService.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe Berichtskennung: 48d5c5ff-986d-11e2-bd9a-386077677cb6 Error - 3/29/2013 10:48:31 AM | Computer Name = *******-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\******* surf\downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 3/29/2013 2:21:32 PM | Computer Name = *******-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290 Name des fehlerhaften Moduls: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0001280a ID des fehlerhaften Prozesses: 0x3c4 Startzeit der fehlerhaften Anwendung: 0x01ce2caa3320aab3 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe Berichtskennung: 7b130146-989d-11e2-b0eb-386077677cb6 Error - 3/31/2013 3:42:11 AM | Computer Name = *******-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290 Name des fehlerhaften Moduls: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0001280a ID des fehlerhaften Prozesses: 0x304 
Startzeit der fehlerhaften Anwendung: 0x01ce2de337662d7b Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe Berichtskennung: 7ec9ff99-99d6-11e2-8317-386077677cb6 Error - 3/31/2013 5:34:13 AM | Computer Name = *******-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290 Name des fehlerhaften Moduls: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0001280a ID des fehlerhaften Prozesses: 0x304 Startzeit der fehlerhaften Anwendung: 0x01ce2df2d5d9ffe6 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe Berichtskennung: 25980201-99e6-11e2-8210-386077677cb6 Error - 3/31/2013 2:08:11 PM | Computer Name = *******-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290 Name des fehlerhaften Moduls: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0001280a ID des fehlerhaften Prozesses: 0x30c Startzeit der fehlerhaften Anwendung: 0x01ce2e3aab73006f Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe Berichtskennung: f2a2262c-9a2d-11e2-af76-386077677cb6 Error - 4/2/2013 7:23:11 AM | Computer Name = *******-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290 Name des fehlerhaften Moduls: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290 
Ausnahmecode: 0xc0000417 Fehleroffset: 0x0001280a ID des fehlerhaften Prozesses: 0x308 Startzeit der fehlerhaften Anwendung: 0x01ce2f946991b358 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe Berichtskennung: b34dece0-9b87-11e2-b386-386077677cb6 [ Hewlett-Packard Events ] Error - 1/31/2013 10:40:04 AM | Computer Name = *******-HP | Source = HPSF.exe | ID = 4000 Description = [ System Events ] Error - 4/29/2013 11:30:13 AM | Computer Name = *******-HP | Source = Service Control Manager | ID = 7034 Description = Dienst "TrueSuiteService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 4/29/2013 11:54:44 AM | Computer Name = *******-HP | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error - 4/29/2013 12:06:43 PM | Computer Name = *******-HP | Source = Service Control Manager | ID = 7034 Description = Dienst "Brother BR*******Pro Scheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 4/29/2013 12:09:20 PM | Computer Name = *******-HP | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 4/29/2013 12:12:21 PM | Computer Name = *******-HP | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error - 4/29/2013 12:16:26 PM | Computer Name = *******-HP | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 4/29/2013 12:34:01 PM | Computer Name = *******-HP | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5
Error - 4/29/2013 12:35:33 PM | Computer Name = *******-HP | Source = Service Control Manager | ID = 7034
Description = Dienst "TrueSuiteService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 4/29/2013 3:05:08 PM | Computer Name = *******-HP | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5
Error - 4/30/2013 6:11:07 AM | Computer Name = *******-HP | Source = Service Control Manager | ID = 7034
Description = Dienst "TrueSuiteService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
< End of report >
Thanks in any case already for the great help!! What is the malware actually called ...? Edited by hardyxy9 (30.04.2013 at 11:39) |
30.04.2013, 13:18 | #19 |
/// TB trainer | WIN7 limited account not usable / supposed to pay €100?
Hello, not quite the green light yet. This missing module that cannot be started is still a remnant of the infection. We should make that disappear as well.
Step 1 Fix with OTL
Code:
ATTFilter
:OTL
[2013/04/29 11:27:51 | 000,000,152 | ---- | C] () -- C:\ProgramData\z6dzb8.reg
[2013/04/29 17:30:30 | 000,002,632 | ---- | C] () -- C:\ProgramData\z6dzb8.js
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=394286201&q={searchTerms}
:commands
[emptytemp]
Step 2
Step 3 ESET Online Scanner
Step 4 Please download SecurityCheck and:
Step 5 Please start OTL.exe.
Please post in your next reply:
__________________ cheers, Leo |
02.05.2013, 12:06 | #20 |
| WIN7 limited account not usable / supposed to pay €100?
Here now is the first log after the first fix; however, after booting, a module was reported missing once again. I am attaching the screenshot here and continuing with step 2:
Code:
ATTFilter
All processes killed
========== OTL ==========
C:\ProgramData\z6dzb8.reg moved successfully.
File C:\ProgramData\z6dzb8.js not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57616 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: *****
->Temp folder emptied: 0 bytes
User: ***** ***** ADMIN
->Temp folder emptied: 2124 bytes
->Temporary Internet Files folder emptied: 6162904 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 66767334 bytes
->Flash cache emptied: 1187 bytes
User: ***** Surf
->Temp folder emptied: 709361 bytes
->Temporary Internet Files folder emptied: 63765761 bytes
->Java cache emptied: 63367858 bytes
->FireFox cache emptied: 1129824081 bytes
->Google Chrome cache emptied: 14360826 bytes
->Flash cache emptied: 88634 bytes
User: *****
->Temp folder emptied: 2604 bytes
->Temporary Internet Files folder emptied: 14450317 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 495978619 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 12934 bytes
User: Public
->Temp folder emptied: 0 bytes
User: TEMP
->Temp folder emptied: 0 bytes
User: TEMP.*****-HP
->Temp folder emptied: 0 bytes
User: TEMP.*****-HP.000
->Temp folder emptied: 0 bytes
User: TEMP.*****-HP.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8372 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78140 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 334 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1,770.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 05022013_125123 |
02.05.2013, 12:52 | #21 |
/// TB trainer | WIN7 limited account not usable / supposed to pay €100?
Hi, yes, there is still a start point for this malware somewhere, which of course now leads nowhere because the malware has been deleted, and that is why it reports this error. But that is no problem at all. Just continue with the next steps. And if neither MBAM nor ESET finds this start point, we will look for it manually afterwards.
02.05.2013, 12:57 | #22 |
| WIN7 limited account not usable / supposed to pay €100?
OK thanks, here is the log from Malwarebytes; I will then continue with step 3:
Code:
ATTFilter
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.04.04.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
***** Surf :: *****-HP [limitiert]
Schutz: Deaktiviert
02.05.2013 13:45:07
mbam-log-2013-05-02 (13-45-07).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 237371
Laufzeit: 1 Minute(n), 48 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ctfmon.exe (Trojan.Agent) -> Daten: C:\PROGRA~3\rundll32.exe C:\PROGRA~3\8bzd6z.dat,FG00 -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende) |
02.05.2013, 13:03 | #23 |
/// TB trainer | WIN7 limited account not usable / supposed to pay €100?
... and MBAM has already found and deleted the entry that produces the error message..
__________________ cheers, Leo |
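An added example, not part of the thread or of any tool used in it: a Python check of Run-key values for the traits of the entry Malwarebytes removed above (system binary name outside System32, value name imitating another executable, 8.3 short path, rundll32 loading a non-DLL file, missing target that causes the logon error). Only the `ctfmon.exe` value comes from the log; the other values, the `PRESENT` file set and all function names are constructed for illustration.

```python
import ntpath
import re

# Assumption: %SystemRoot% is C:\Windows, as the OTL log header in this thread reports.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Illustrative subset of Windows binaries that normally run only from those directories.
SYSTEM_BINARIES = {"rundll32.exe", "ctfmon.exe", "svchost.exe", "regsvr32.exe"}
SHORT_NAME = re.compile(r"\\[^\\\s]{1,6}~\d")  # 8.3 path component such as \PROGRA~3
IMAGE = re.compile(r"(?i)(.+?\.(?:exe|com|scr|bat|cmd))(?:\s+(.*))?$")
MISSING = "target missing: orphaned entry, error at logon"


def split_command(cmd):
    """Split a Run-key command line into (image path, remaining arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted image path
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    match = IMAGE.match(cmd)                     # unquoted, path may contain spaces
    if match:
        return match.group(1), match.group(2) or ""
    image, _, rest = cmd.partition(" ")
    return image, rest


def check_run_value(name, cmd, exists):
    """Return the reasons why one Run value deserves a closer look."""
    reasons = []
    image, rest = split_command(cmd)
    base = ntpath.basename(image).lower()
    folder = ntpath.normcase(ntpath.dirname(image))
    payload = image                              # file that must exist for a clean start

    if base in SYSTEM_BINARIES and folder not in SYSTEM_DIRS:
        reasons.append("system binary name outside system directory")
    if name.lower().endswith(".exe") and name.lower() != base:
        reasons.append("value name imitates a different executable")
    if SHORT_NAME.search(cmd):
        reasons.append("8.3 short path hides the real folder")
    if base == "rundll32.exe" and rest:
        # rundll32 syntax: <module>,<export>; the module is the real payload.
        payload = rest.split(",", 1)[0].strip().strip('"')
        if ntpath.splitext(payload)[1].lower() not in (".dll", ".cpl"):
            reasons.append("rundll32 loads a file without .dll/.cpl extension")
    if not exists(payload):
        reasons.append(MISSING)
    return reasons


def scan(run_values, exists):
    """Map value name -> reasons, for every value with at least one reason."""
    findings = {}
    for name, cmd in run_values.items():
        reasons = check_run_value(name, cmd, exists)
        if reasons:
            findings[name] = reasons
    return findings


RUN_VALUES = {
    # Taken from the Malwarebytes log in this thread.
    "ctfmon.exe": r"C:\PROGRA~3\rundll32.exe C:\PROGRA~3\8bzd6z.dat,FG00",
    # Constructed entries for comparison.
    "Dropbox": r'"C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup',
    "NvCplDaemon": r"C:\Windows\System32\rundll32.exe C:\Windows\System32\NvCpl.dll,NvStartup",
    "OldTool": r"C:\Program Files (x86)\OldTool\tray.exe -min",
}

# Constructed file system state: the payload of the ctfmon.exe value is already gone.
PRESENT = {
    ntpath.normcase(p)
    for p in (
        r"C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe",
        r"C:\Windows\System32\NvCpl.dll",
    )
}


def file_present(path):
    """Offline stand-in for os.path.exists on the constructed file set."""
    return ntpath.normcase(path) in PRESENT


if __name__ == "__main__":
    for value, why in scan(RUN_VALUES, file_present).items():
        print(value)
        for reason in why:
            print("   -", reason)
```

On a live system the values would come from an export of the Run key and `exists` would be `os.path.exists`.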
02.05.2013, 15:46 | #24 |
| WIN7 limited account not usable / supposed to pay €100?
thanks.. the ESET online scanner is going to take a while yet; after 1.5 hours I accidentally hit the Stop button with the mouse, so now I have to start it again from the beginning .. however, it shows me, or rather showed me, that my malware is apparently called WIN32/Reveton.M trojan.. very interesting. |
02.05.2013, 15:58 | #25 | |
/// TB trainer | WIN7 limited account not usable / supposed to pay €100?
Yes, the ESET scan can take a relatively long time anyway (but in return it is thorough). Quote:
__________________ cheers, Leo |
02.05.2013, 17:37 | #26 |
| WIN7 limited account not usable / supposed to pay €100?
Step 3 Eset Scanner log file:
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=c9a709bdabcc0941ae03b62a6db0991b # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-11-10 11:48:21 # local_time=2012-11-10 12:48:21 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1024 16777215 100 0 17235358 17235358 0 0 # compatibility_mode=5893 16776574 100 94 30441750 104170855 0 0 # compatibility_mode=8192 67108863 100 0 3764 3764 0 0 # scanned=288717 # found=8 # cleaned=0 # scan_time=7096 C:\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.5.29.1\~BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.5.29.1\~BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I C:\Users\******* Surf\Downloads\BestCodecsSetup(1).exe a variant of Win32/InstallBrain.M application (unable to clean) 00000000000000000000000000000000 I C:\Users\******* Surf\Downloads\BestCodecsSetup(2).exe a variant of Win32/InstallBrain.M application (unable to clean) 00000000000000000000000000000000 I C:\Users\******* Surf\Downloads\BestCodecsSetup.exe a variant of Win32/InstallBrain.M application (unable to clean) 00000000000000000000000000000000 I C:\Users\*******\Downloads\PDFReaderSetup.exe a variant of Win32/InstallCore.AX application (unable to clean) 00000000000000000000000000000000 I C:\Users\*******\Downloads\video_downloader(1).exe Win32/Adware.Bundlore application (unable to clean) 00000000000000000000000000000000 I C:\Users\*******\Downloads\video_downloader.exe Win32/Adware.Bundlore application (unable to clean) 00000000000000000000000000000000 I 
ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=c9a709bdabcc0941ae03b62a6db0991b # engine=13739 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-05-02 11:20:47 # local_time=2013-05-02 01:20:47 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1043 16777213 100 87 1807 54627631 0 0 # compatibility_mode=5893 16776574 100 94 45390792 119123497 0 0 # scanned=7020 # found=0 # cleaned=0 # scan_time=356 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=c9a709bdabcc0941ae03b62a6db0991b # engine=13739 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-05-02 01:26:37 # local_time=2013-05-02 03:26:37 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1043 16777213 100 87 9357 54635181 0 0 # compatibility_mode=5893 16776574 100 94 45401942 119131047 0 0 # scanned=189067 # found=5 # cleaned=0 # scan_time=5168 sh=5E3D57C508C4F9C258C2763D71A8EA9AEB6A31AA ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\Documents and Settings\******* Surf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk" sh=5E3D57C508C4F9C258C2763D71A8EA9AEB6A31AA ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\Documents and Settings\******* Surf\Startmenü\Programs\Startup\msconfig.lnk" sh=D9D55C4426649EC1A3F02DEC2168E3A91596188A ft=1 fh=c88259bf88f67c5b vn="Win32/Adware.Bundlore application" ac=I fn="C:\Documents and Settings\*******\Downloads\video_downloader(1).exe" 
sh=D9D55C4426649EC1A3F02DEC2168E3A91596188A ft=1 fh=c88259bf88f67c5b vn="Win32/Adware.Bundlore application" ac=I fn="C:\Documents and Settings\*******\Downloads\video_downloader.exe" sh=F01AAACDDB5813F9E51B3BBFB0CA4918C3B806DB ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\FRST\Quarantine\msconfig.lnk" ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internet# version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=c9a709bdabcc0941ae03b62a6db0991b # engine=13739 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-05-02 04:32:07 # local_time=2013-05-02 06:32:07 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1043 16777213 100 87 20487 54646311 0 0 # compatibility_mode=5893 16776574 100 94 45413072 119142177 0 0 # scanned=456477 # found=11 # cleaned=0 # scan_time=10974 sh=5E3D57C508C4F9C258C2763D71A8EA9AEB6A31AA ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\Documents and Settings\******* Surf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk" sh=5E3D57C508C4F9C258C2763D71A8EA9AEB6A31AA ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\Documents and Settings\******* Surf\Startmenü\Programs\Startup\msconfig.lnk" sh=D9D55C4426649EC1A3F02DEC2168E3A91596188A ft=1 fh=c88259bf88f67c5b vn="Win32/Adware.Bundlore application" ac=I fn="C:\Documents and Settings\*******\Downloads\video_downloader(1).exe" sh=D9D55C4426649EC1A3F02DEC2168E3A91596188A ft=1 fh=c88259bf88f67c5b vn="Win32/Adware.Bundlore application" ac=I fn="C:\Documents and Settings\*******\Downloads\video_downloader.exe" sh=F01AAACDDB5813F9E51B3BBFB0CA4918C3B806DB ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I 
fn="C:\FRST\Quarantine\msconfig.lnk" sh=383436A5B1129367F4790DCE01BC852527DD0111 ft=1 fh=ad0261aae75eb177 vn="a variant of Win32/Kryptik.AZYI trojan" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\7lorzd.dat.vir" sh=383436A5B1129367F4790DCE01BC852527DD0111 ft=1 fh=ad0261aae75eb177 vn="a variant of Win32/Kryptik.AZYI trojan" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\8bzd6z.dat.vir" sh=5E3D57C508C4F9C258C2763D71A8EA9AEB6A31AA ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\Users\******* Surf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk" sh=5E3D57C508C4F9C258C2763D71A8EA9AEB6A31AA ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\Users\******* Surf\Startmenü\Programs\Startup\msconfig.lnk" sh=D9D55C4426649EC1A3F02DEC2168E3A91596188A ft=1 fh=c88259bf88f67c5b vn="Win32/Adware.Bundlore application" ac=I fn="C:\Users\*******\Downloads\video_downloader(1).exe" sh=D9D55C4426649EC1A3F02DEC2168E3A91596188A ft=1 fh=c88259bf88f67c5b vn="Win32/Adware.Bundlore application" ac=I fn="C:\Users\*******\Downloads\video_downloader.exe" Code:
ATTFilter Results of screen317's Security Check version 0.99.62 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` AVG AntiVirus Free Edition 2013 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 TuneUp Utilities 2013 TuneUp Utilities Language Pack (de-DE) Java 7 Update 9 Java version out of Date! Adobe Flash Player 11.7.700.169 Adobe Reader 10.1.6 Adobe Reader out of Date! Mozilla Firefox 16.0.2 Firefox out of Date! Google Chrome 26.0.1410.43 Google Chrome 26.0.1410.64 ````````Process Check: objlist.exe by Laurent```````` AVG avgwdsvc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Code:
ATTFilter OTL logfile created on: 5/2/2013 6:46:41 PM - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\******** Surf\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 11.98 Gb Total Physical Memory | 9.13 Gb Available Physical Memory | 76.23% Memory free 23.96 Gb Paging File | 21.09 Gb Available in Paging File | 88.01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 926.94 Gb Total Space | 790.08 Gb Free Space | 85.24% Space Free | Partition Type: NTFS Drive D: | 13.13 Gb Total Space | 1.62 Gb Free Space | 12.31% Space Free | Partition Type: NTFS Drive F: | 149.05 Gb Total Space | 24.09 Gb Free Space | 16.16% Space Free | Partition Type: NTFS Drive J: | 922.84 Gb Total Space | 807.86 Gb Free Space | 87.54% Space Free | Partition Type: NTFS Computer Name: ********-HP | User Name: ******** Neuer ADMIN | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\******** Surf\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries) PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Users\******** Surf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Brother\bratimer.exe () PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\XSManager\WTGService.exe () PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP) PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.) PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.) 
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\Philips ToUcam Camera\GameCam SE\Program\RFTray.exe () PRC - C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll () MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll () MOD - C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () MOD - C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll () MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll () MOD - C:\Program Files (x86)\Philips ToUcam Camera\GameCam SE\Program\RFTrayRes.dll () MOD - C:\Program Files (x86)\Philips ToUcam Camera\GameCam SE\Program\RFTray.exe () MOD - C:\Program Files (x86)\Philips ToUcam Camera\GameCam SE\Program\RfDownload.dll () MOD - C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 2 SE\U32MISC.dll () MOD - C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 2 SE\u32Spy.dll () ========== Services (SafeList) ========== SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION) SRV:64bit: - (EpsonCustomerResearchParticipation) -- C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe (SEIKO EPSON CORPORATION) SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\STacSV64.exe (IDT, Inc.) 
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (Printer Control) -- C:\Windows\SysNative\PrintCtrl.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Garmin Core Update Service) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (BRA_Scheduler) -- C:\Program Files (x86)\Brother\bratimer.exe () SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.) 
SRV - (WTGService) -- C:\Program Files (x86)\XSManager\WTGService.exe () SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (CLKMSVC10_38F51D56) -- c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe (CyberLink) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) SRV - (DATEV Update-Service) -- J:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe (DATEV eG) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (DymoPnpService) -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (cmntnet) -- C:\Windows\SysNative\drivers\cmntnet.sys (Wireless Data Device) DRV:64bit: - (cmnuusbser) -- C:\Windows\SysNative\drivers\cmnuusbser.sys (Wireless Device) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.) 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (tixhci) -- C:\Windows\SysNative\drivers\tixhci.sys (Texas Instruments Incorporated) DRV:64bit: - (tihub3) -- C:\Windows\SysNative\drivers\tihub3.sys (Texas Instruments Incorporated) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.) DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) 
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{136E043D-39D8-4884-88F7-B47A3B070908}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKLM\..\SearchScopes\{136E043D-39D8-4884-88F7-B47A3B070908}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE 
- HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4 IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\..\SearchScopes\{136E043D-39D8-4884-88F7-B47A3B070908}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\..\SearchScopes\{1}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\..\SearchScopes\{136E043D-39D8-4884-88F7-B47A3B070908}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\TS_KeyLodaded\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE - HKU\TS_KeyLodaded\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\TS_KeyLodaded\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found IE - HKU\TS_KeyLodaded\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\TS_KeyLodaded\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKU\TS_KeyLodaded\..\SearchScopes\{136E043D-39D8-4884-88F7-B47A3B070908}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\TS_KeyLodaded\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKU\TS_KeyLodaded\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = 
hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\TS_KeyLodaded\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKU\TS_KeyLodaded\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\TS_KeyLodaded\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: "false" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/19 16:33:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/19 16:33:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/12 17:53:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/12 17:53:33 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/29 19:04:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******** Neuer ADMIN\AppData\Roaming\mozilla\Extensions [2013/04/29 17:28:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******** Neuer ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\qxs2ikp0.default\extensions [2013/03/09 15:10:47 | 000,001,609 | ---- | M] () -- C:\Users\******** Neuer ADMIN\AppData\Roaming\mozilla\firefox\profiles\qxs2ikp0.default\searchplugins\ChatZumSearch.xml [2013/04/29 11:39:58 | 000,001,058 | ---- | M] () -- C:\Users\******** Neuer ADMIN\AppData\Roaming\mozilla\firefox\profiles\qxs2ikp0.default\searchplugins\utorrentbarde-customized-web-search.xml [2013/05/02 13:50:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/11/05 12:31:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla 
firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013/05/02 13:50:52 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\mozilla firefox\extensions\websitelogon@truesuite.com [2012/12/03 12:01:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\extensions [2012/12/03 12:01:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012/12/03 12:01:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012/12/03 12:01:09 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\websitelogon@truesuite.com [2012/11/05 12:31:52 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/04/21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/09/12 16:59:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/04/21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/04/21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/04/21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/04/21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013/04/29 18:16:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found O2:64bit: - BHO: (Java(tm) Plug-In SSV 
Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) O2 - BHO: (IEHlprObj Class) - {DA5A2A9E-DF07-4a8e-B423-BC5CD4D1880C} - C:\Program Files\WebBoomerang\IEHelper.dll () O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard ) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) 
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [PrintDisp] C:\Windows\SysNative\PrintDisp.exe (ActMask Co.,Ltd - hxxp://www.all2pdf.com) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [PE2CKFNT SE] C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe () O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\real\realplayer\update\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare) O4 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003..\Run: [DymoQuickPrint] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.) O4 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003..\Run: [Epson Stylus Photo PX730(Netzwerk)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHQE.EXE /FU "C:\Users\HERMAN~1\AppData\Local\Temp\E_SAF32.tmp" /EF "HKCU" File not found O4 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003..\Run: [TrafficTravisv4] C:\Users\******** Surf\AppData\Roaming\Traffic Travis v4\TrafficTravisV4.exe () O4 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHQE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Photo PX730" File not found O4 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries) O4 - HKU\TS_KeyLodaded..\Run: [DymoQuickPrint] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.) 
O4 - HKU\TS_KeyLodaded..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKU\TS_KeyLodaded..\Run: [TrafficTravisv4] C:\Users\********\AppData\Roaming\Traffic Travis v4\TrafficTravisV4.exe File not found O4 - HKU\TS_KeyLodaded..\Run: [WebCamRT.exe] C:\Program Files (x86)\Philips ToUcam Camera\SpotLife\WebCamRT.exe /WinStart /regkey=Software\Spotlife\Spotlife.5\WebCamSettings File not found O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-PL313.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - Startup: C:\Users\******** Surf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found O4 - Startup: C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKU\TS_KeyLodaded\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\TS_KeyLodaded\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\TS_KeyLodaded\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\TS_KeyLodaded\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O7 - HKU\TS_KeyLodaded\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\TS_KeyLodaded\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Nach 
Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\VideoGet\VideoGet\Plugins\VIDEOG~2.DLL () O9:64bit: - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\VideoGet\VideoGet\Plugins\VIDEOG~2.DLL () O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\VideoGet\VideoGet\Plugins\VIDEOG~1.DLL () O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\VideoGet\VideoGet\Plugins\VIDEOG~1.DLL () O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\..Trusted Domains: netzaehler.de ([]https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DC02DD9-EAAF-4808-9CC8-A515805F5335}: DhcpNameServer = 212.23.115.132 212.23.115.148 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D955C847-13C9-4AE2-A9D9-B6218CB8759A}: DhcpNameServer = 10.74.210.210 10.74.210.211 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F40FCA03-8D20-441F-BCF5-08EF17DC8385}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - 
Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/05/02 12:51:23 | 000,000,000 | ---D | C] -- C:\_OTL [2013/04/30 01:40:05 | 000,000,000 | ---D | C] -- C:\FRST [2013/04/29 18:40:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/04/29 18:30:25 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/04/29 18:03:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/04/29 18:03:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/04/29 18:03:51 | 000,406,528 | ---- | C] (SteelWerX) -- 
C:\Windows\SWSC.exe [2013/04/29 17:53:21 | 000,000,000 | ---D | C] -- C:\Users\******** Neuer ADMIN\AppData\Local\CrashDumps [2013/04/29 17:51:56 | 000,000,000 | ---D | C] -- C:\Users\******** Neuer ADMIN\AppData\Local\Diagnostics [2013/04/29 17:43:39 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/04/29 17:43:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/04/29 12:26:53 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013/04/29 12:21:13 | 000,000,000 | ---D | C] -- C:\Users\******** Neuer ADMIN\AppData\Local\AuthenTec [2013/04/29 12:20:36 | 000,000,000 | ---D | C] -- C:\Users\******** Neuer ADMIN\AppData\Roaming\Symantec [2013/04/29 11:53:01 | 000,000,000 | ---D | C] -- C:\Users\******** Neuer ADMIN\AppData\Roaming\vlc [2013/04/29 11:31:56 | 000,000,000 | ---D | C] -- C:\Users\******** Neuer ADMIN\AppData\Local\Scansoft [2013/04/29 10:07:33 | 000,000,000 | R--D | C] -- C:\Users\******** Neuer ADMIN\AppData\Roaming\Brother [2013/04/21 15:17:09 | 000,000,000 | R--D | C] -- C:\********s iPod [2013/04/12 23:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother [2013/04/12 23:19:22 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\Windows\SysWow64\BRCrypt.dll [2013/04/12 23:19:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx [2013/04/12 23:19:21 | 000,255,488 | ---- | C] (brother) -- C:\Windows\SysNative\NSSRH64.dll [2013/04/12 23:19:21 | 000,179,712 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrfxDA5b.dll [2013/04/12 23:19:21 | 000,167,936 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll [2013/04/12 23:19:21 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- C:\Windows\SysWow64\BrMfNt.dll [2013/04/12 23:19:21 | 000,083,968 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrNetSti.dll [2013/04/12 23:19:21 | 000,059,392 | ---- | C] (Brother Industries,Ltd.) 
-- C:\Windows\SysNative\BrWiaNCp.dll [2013/04/12 23:19:21 | 000,048,640 | ---- | C] (Brother Industries,Ltd) -- C:\Windows\SysNative\Brnsplg.dll [2013/04/12 23:19:12 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll [2013/04/12 23:16:23 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll [2013/04/12 23:16:23 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll [2013/04/12 23:16:21 | 001,560,576 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWi209c.dll [2013/04/12 23:16:20 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BROSNMP.DLL [2013/04/12 23:16:20 | 000,103,736 | ---- | C] (Brother Industries Ltd) -- C:\Windows\SysWow64\BRRBTOOL.EXE [2013/04/12 23:16:20 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BRLMW03A.DLL [2013/04/12 23:16:20 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\SysWow64\BRLM03A.DLL [2013/04/12 23:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance [2013/04/12 23:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2013/04/12 23:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft PaperPort 11 [2013/04/12 23:12:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared [2013/04/12 23:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft [2013/04/12 23:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScanSoft [2013/04/12 23:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother [2013/04/10 14:42:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun [2013/04/10 11:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.0 [2013/04/10 11:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 4.0 [2013/04/08 11:44:53 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013/04/04 10:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Garmin [2013/04/04 10:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache ========== Files - Modified Within 30 Days ========== [2013/05/02 18:28:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/05/02 18:07:39 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/05/02 13:58:31 | 000,030,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/05/02 13:58:31 | 000,030,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/05/02 13:51:11 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/05/02 13:50:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/05/02 13:50:41 | 1058,267,134 | -HS- | M] () -- C:\hiberfil.sys [2013/05/02 13:22:58 | 000,712,264 | ---- | M] () -- C:\Windows\is-PL313.exe [2013/05/02 13:22:58 | 000,013,521 | ---- | M] () -- C:\Windows\is-PL313.msg [2013/05/02 13:22:58 | 000,000,381 | ---- | M] () -- C:\Windows\is-PL313.lst [2013/05/02 13:15:07 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/05/02 13:15:07 | 000,698,514 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/05/02 13:15:07 | 000,652,496 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/05/02 13:15:07 | 000,148,570 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/05/02 13:15:07 | 000,121,428 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/04/29 18:16:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/04/29 17:28:11 | 000,000,159 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013/04/29 14:19:12 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml [2013/04/29 14:19:12 | 000,001,908 | ---- | M] () -- 
C:\Windows\diagerr.xml [2013/04/21 14:43:39 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2013/04/12 23:24:01 | 005,060,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/04/12 23:20:27 | 000,000,256 | ---- | M] () -- C:\Windows\Brpfx04a.ini [2013/04/12 23:20:27 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini [2013/04/12 23:19:22 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini [2013/04/12 23:19:22 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\BD9320CW.DAT [2013/04/12 21:07:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf [2013/04/12 12:47:55 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/04/10 11:21:06 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.0.lnk [2013/04/08 11:44:53 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013/04/04 16:55:02 | 000,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Spar- Erklärung Selbstständige 2013.lnk [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/04/04 10:41:25 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Express.lnk ========== Files Created - No Company Name ========== [2013/05/02 13:22:58 | 000,712,264 | ---- | C] () -- C:\Windows\is-PL313.exe [2013/05/02 13:22:58 | 000,013,521 | ---- | C] () -- C:\Windows\is-PL313.msg [2013/05/02 13:22:58 | 000,000,381 | ---- | C] () -- C:\Windows\is-PL313.lst [2013/04/29 18:03:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/04/29 18:03:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/04/29 18:03:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/04/29 18:03:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/04/29 18:03:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/04/29 17:28:00 | 000,000,159 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013/04/12 23:20:27 | 000,000,256 | 
---- | C] () -- C:\Windows\Brpfx04a.ini [2013/04/12 23:20:27 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2013/04/12 23:20:00 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2013/04/12 23:19:22 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\BD9320CW.DAT [2013/04/12 23:19:21 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\BrSNMP64.dll [2013/04/12 23:19:21 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2013/04/12 23:19:21 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2013/04/12 23:19:21 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2013/04/12 23:16:20 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2013/04/12 23:16:19 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\BRADC08A.DAT [2013/04/12 23:16:16 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2013/04/12 23:13:15 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2013/04/12 21:07:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf [2013/04/10 11:21:06 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 4.0.lnk [2013/04/04 10:41:25 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Garmin Express.lnk [2013/03/20 23:35:45 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ZLIB.DLL [2013/02/14 17:50:08 | 000,003,822 | ---- | C] () -- C:\Users\******** Neuer ADMIN\AppData\Local\recently-used.xbel [2012/10/30 18:20:06 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012/10/29 18:32:59 | 000,000,680 | RHS- | C] () -- C:\Users\******** Neuer ADMIN\ntuser.pol [2012/09/05 11:09:40 | 001,391,616 | ---- | C] () -- C:\Windows\SysWow64\ActPDF.dll [2012/08/20 22:46:42 | 000,000,434 | ---- | C] () -- C:\Windows\ULEAD32.INI [2012/05/30 18:03:20 | 000,397,312 | ---- | C] () -- C:\Windows\iwexec.exe [2012/05/30 18:03:14 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\Lffpx90n.dll [2012/04/27 10:21:52 | 000,016,384 | ---- | C] () -- 
C:\Windows\SysWow64\FileOps.exe [2012/04/25 10:01:19 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2012/04/25 07:45:37 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI [2012/04/25 07:45:13 | 000,000,108 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI [2012/04/25 07:42:33 | 000,000,109 | ---- | C] () -- C:\Windows\Startup.INI [2012/04/25 07:32:48 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011/11/24 05:16:18 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011 [2011/11/24 05:08:24 | 000,000,196 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2011/06/21 10:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2011/05/13 10:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2011/05/13 10:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll [2011/05/13 10:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll [2011/05/13 10:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- 
[2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/01/14 16:41:02 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2013/01/14 16:41:02 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2012/12/12 16:51:24 | 000,000,000 | ---D | M] -- C:\Users\******** Neuer ADMIN\AppData\Roaming\AVG2013 [2012/12/02 00:37:45 | 000,000,000 | ---D | M] -- C:\Users\******** Neuer ADMIN\AppData\Roaming\Camfrog [2012/11/12 13:22:51 | 000,000,000 | ---D | M] -- C:\Users\******** Neuer ADMIN\AppData\Roaming\com.leawo.imediago [2013/03/23 10:13:14 | 000,000,000 | ---D | M] -- C:\Users\******** Neuer ADMIN\AppData\Roaming\DVDVideoSoft [2012/10/29 18:33:15 | 000,000,000 | ---D | M] -- C:\Users\******** Neuer ADMIN\AppData\Roaming\Epson [2013/04/04 10:41:31 | 000,000,000 | ---D | M] -- C:\Users\******** Neuer ADMIN\AppData\Roaming\Garmin [2013/02/14 13:30:29 | 000,000,000 | ---D | M] -- C:\Users\******** Neuer ADMIN\AppData\Roaming\inkscape [2013/01/23 20:06:24 | 000,000,000 | ---D | M] -- C:\Users\******** 
Neuer ADMIN\AppData\Roaming\IrfanView [2012/10/29 18:33:16 | 000,000,000 | ---D | M] -- C:\Users\******** Neuer ADMIN\AppData\Roaming\Lexware [2012/11/21 14:13:46 | 000,000,000 | ---D | M] -- C:\Users\******** Neuer ADMIN\AppData\Roaming\Light Developer [2013/03/20 23:36:11 | 000,000,000 | ---D | M] -- C:\Users\******** Neuer ADMIN\AppData\Roaming\Likno Software [2012/12/12 16:49:17 | 000,000,000 | ---D | M] -- C:\Users\******** Neuer ADMIN\AppData\Roaming\TuneUp Software [2013/01/19 16:44:20 | 000,000,000 | ---D | M] -- C:\Users\******** Neuer ADMIN\AppData\Roaming\uTorrent [2013/02/13 14:15:42 | 000,000,000 | ---D | M] -- C:\Users\******** Neuer ADMIN\AppData\Roaming\XSManager [2012/10/30 18:07:33 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\Affilorama [2013/01/03 22:58:38 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\AnSyS [2012/11/26 19:12:09 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\APP_NAME_NON_STRING [2013/03/11 18:25:16 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\Audacity [2013/03/09 15:10:33 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\Avery [2012/12/12 16:54:07 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\AVG2013 [2013/03/29 18:06:39 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\com.leawo.imediago [2013/05/02 13:51:40 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\Dropbox [2012/09/24 09:13:49 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\Epson [2012/09/24 09:13:59 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\Garmin [2013/02/09 18:11:55 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\Ifiqg [2013/02/15 11:16:35 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\inkscape [2012/11/04 12:54:43 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\IrfanView [2012/09/24 09:14:01 | 
000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\Lexware [2013/04/10 14:42:27 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\LibreOffice [2012/11/21 14:14:25 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\Light Developer [2012/11/13 12:39:09 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1 [2012/09/24 11:58:29 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\OpenOffice.org [2013/03/14 11:01:09 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\PhotoScape [2013/01/03 12:30:00 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\RetouchPilot [2013/04/29 10:20:50 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\ScanSoft [2013/02/09 18:11:42 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\Seqa [2013/03/29 16:26:15 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\SoftMaker [2013/05/02 13:23:24 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\Traffic Travis v4 [2013/03/08 18:53:36 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\uTorrent [2013/02/06 19:07:40 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\Webocton - Scriptly [2013/02/13 14:25:57 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\XSManager [2013/04/29 10:20:54 | 000,000,000 | ---D | M] -- C:\Users\******** Surf\AppData\Roaming\Zeon [2012/10/29 23:19:45 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\.minecraft [2012/07/28 17:14:57 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\AnnVideo [2012/12/02 17:57:06 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\APP_NAME_NON_STRING [2012/12/12 21:47:01 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\AVG2013 [2012/07/28 17:24:41 | 000,000,000 | ---D | M] -- 
C:\Users\********\AppData\Roaming\DVDVideoSoft [2012/12/23 15:23:32 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Epson [2013/04/12 21:08:02 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\ExpressDownloader [2012/07/28 17:32:16 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\FreeVideoConverter [2012/07/01 19:43:23 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Garmin [2012/12/11 09:04:47 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\ICQ [2012/11/22 21:36:07 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\ICQ Search [2012/05/14 20:11:02 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Lexware [2012/06/03 17:49:15 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\OpenOffice.org [2012/07/28 16:52:05 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Pavtube [2012/12/04 21:54:29 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\PDF Architect [2012/07/13 19:01:38 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\PhotoScape [2013/04/04 20:16:51 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\TeamViewer [2012/07/28 17:33:02 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Geändert von hardyxy9 (02.05.2013 um 17:54 Uhr) |
02.05.2013, 17:51 | #27 |
/// TB-Ausbilder | WIN7 restricted account unusable / supposed to pay 100€? Great, then we'll clear away the remnants, close the gaps and tidy up.
Step 1
Code:
:files
C:\Users\******* Surf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
C:\Users\******* Surf\Startmenü\Programs\Startup\msconfig.lnk
C:\Users\*******\Downloads\video_downloader(1).exe
C:\Users\*******\Downloads\video_downloader.exe
Step 2
Your Java is no longer up to date. Older versions contain security vulnerabilities that malware can abuse to infect a system via drive-by download. The current version is Java 7 Update 21.
So consider whether you really need a Java installation. If you want to keep using Java, then:
Step 3
The version of your Adobe PDF Reader is outdated; we need to update it:
Step 4
Your Firefox is no longer up to date. Start your Firefox as administrator, click Help --> About Firefox and carry out the update that is offered. Repeat this step until Firefox is shown as up to date. Then use this plugin check to verify that all the versions you use are now current, and update them if they are not.
Cleanup
Finally, we will now clear away our tools (including the quarantine folders), delete the infected system restore points and put all settings back in order. These steps are still important too and should be carried out in the order given.
>> OK <<
We are done; your logs look clean to me at the moment. Below I have put together a few notes and tips that should help ensure you won't need our help again in the future. Afterwards, please give me a short reply if there are no more problems or questions open on your side either, so that I can consider this topic resolved.
Epilogue: Tips, Dos & Don'ts
Keeping system and software up to date
The Windows operating system must always be fully up to date. Make sure that automatic updates are enabled:
The installed software should also always be the latest version. This applies especially to the browser, Java, Flash Player and PDF reader, because known security vulnerabilities in their old versions are exploited to install malware via drive-by download merely by visiting a prepared website. This can even happen on normally legitimate websites if an attacker has managed to inject their code into the page, and is therefore relatively unpredictable.
Security software
A remark up front: every software solution has its weaknesses. Handing the entire responsibility for security over to software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file). Nevertheless, appropriate software is of course important and, in combination with a well-maintained (up-to-date) system and considered behaviour, helps you keep your computer clean.
It is in the nature of things that the most widely used application software is also the most frequently attacked by malware authors. It can therefore already be a small security gain to use alternative software (e.g. an alternative PDF reader). Instead of Internet Explorer, for example, you can use Mozilla Firefox, for which there are two useful add-ons to recommend:
(Un)safe behaviour on the Internet
Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user. Visiting dubious websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner does not detect a threat in them at the moment, that does not have to mean anything.
Often an attempt is also made to get the user, by more or less tricky methods, to carry out an action that is disastrous for them (umbrella term: social engineering).
Annoying adware (advertising) and unnecessary toolbars are also usually installed along with other software by the user.
General notes
Finally, a few basic remarks:
If you like, you can support the forum with a small donation. All that remains is for me to wish you carefree and safe surfing, and that we don't see each other here again too soon.
__________________ cheers, Leo |
03.05.2013, 16:00 | #28 |
| WIN7 restricted account unusable / supposed to pay 100€? Sooo, a heartfelt thank you here as well, and have a nice weekend! |
03.05.2013, 17:08 | #29 |
/// TB-Ausbilder | WIN7 restricted account unusable / supposed to pay 100€? A nice weekend to you too. Glad we could help. If you would like to give the forum any suggestions for improvement, criticism or praise, you can do that here. This topic appears to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications about new replies. Should you need this topic again, please send me a PM and we will continue here. Everyone else, please read this guide and create your own thread.
__________________ cheers, Leo |