| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Incredibar entfernen!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.05.2013, 16:05
| #1 |
 |  Incredibar entfernen! Auch ein anderes Notebook in unserem Haushalt weißt einen "Schädling" auf, Incredibar  Könnte bitte jemand so lieb sein und mir bei der Beseitigung helfen? Hier die Logs aus OTL OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.05.2013 16:49:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Sebastian\Eigene Dateien\Downloads Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1022,11 Mb Total Physical Memory | 256,64 Mb Available Physical Memory | 25,11% Memory free 2,40 Gb Paging File | 1,57 Gb Available in Paging File | 65,37% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 133,43 Gb Total Space | 112,64 Gb Free Space | 84,42% Space Free | Partition Type: NTFS Drive D: | 15,60 Gb Total Space | 7,13 Gb Free Space | 45,72% Space Free | Partition Type: FAT32 Computer Name: | User Name: | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.04 16:48:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sebastian\Eigene Dateien\Downloads\OTL.exe PRC - [2013.05.02 21:43:25 | 006,095,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgmfapx.exe PRC - [2013.04.07 10:55:02 | 000,015,152 | ---- | M] () -- C:\WINDOWS\system32\jmdp\stij.exe PRC - [2013.04.07 10:54:58 | 001,156,400 | ---- | M] () -- C:\WINDOWS\system32\dmwu.exe PRC - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe PRC - [2013.01.31 13:27:02 | 000,188,760 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe PRC - [2012.11.19 18:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe PRC - [2012.06.23 22:28:06 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.05.24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe PRC - [2012.01.17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe PRC - [2012.01.17 11:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.11.28 15:12:12 | 000,222,720 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe PRC - [2006.10.24 11:14:44 | 001,441,280 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe PRC - [2006.10.20 00:43:00 | 000,814,080 | ---- | M] (ODSoft multimedia) -- C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe PRC - [2006.08.02 01:38:30 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2006.08.02 01:32:44 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe PRC - [2006.08.02 01:27:54 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe PRC - [2006.07.10 20:02:46 | 000,086,016 | ---- | M] () -- C:\Programme\Launch Manager\WButton.exe PRC - [2006.04.24 15:25:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe PRC - [2006.04.05 18:36:52 | 000,565,248 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe PRC - [2005.07.25 14:36:40 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe PRC - [2005.03.16 14:52:02 | 000,204,800 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\OSD.exe PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE ========== Modules (No Company Name) ========== MOD - [2013.05.04 16:42:32 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll MOD - [2013.05.04 16:40:31 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll MOD - [2013.05.03 00:15:36 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2013.05.03 00:15:35 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2013.05.03 00:15:34 | 000,486,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll MOD - [2013.05.03 00:15:26 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2013.05.03 00:15:24 | 000,131,072 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll MOD - [2013.05.03 00:15:20 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2013.05.03 00:15:11 | 000,010,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll MOD - [2013.05.03 00:15:07 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MOD - [2013.05.03 00:15:06 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll MOD - [2013.05.03 00:15:05 | 005,062,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll MOD - [2013.05.03 00:15:04 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll MOD - [2013.05.03 00:15:02 | 005,246,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll MOD - [2013.04.07 10:55:02 | 000,015,152 | ---- | M] () -- C:\WINDOWS\system32\jmdp\stij.exe MOD - [2013.04.07 10:54:58 | 001,156,400 | ---- | M] () -- C:\WINDOWS\system32\dmwu.exe MOD - [2013.04.07 10:54:20 | 000,306,176 | ---- | M] () -- C:\WINDOWS\system32\jmdp\lmrn.dll MOD - [2013.04.07 10:52:34 | 000,027,136 | ---- | M] () -- C:\WINDOWS\system32\ImHttpComm.dll MOD - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe MOD - [2013.03.22 16:08:36 | 002,520,016 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll MOD - [2013.02.05 09:25:06 | 000,362,029 | ---- | M] () -- C:\WINDOWS\system32\jmdp\sqlite3.dll MOD - [2013.01.31 13:27:02 | 000,188,760 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe MOD - [2012.06.23 22:28:06 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.02.21 00:29:25 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2011.02.04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008.03.25 06:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll MOD - [2006.08.02 01:26:20 | 000,118,784 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll MOD - [2006.08.02 01:24:54 | 000,348,160 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll MOD - [2006.07.10 20:02:46 | 000,086,016 | ---- | M] () -- C:\Programme\Launch Manager\WButton.exe MOD - [2006.06.23 14:07:08 | 001,167,360 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\acAuth.dll MOD - [2006.06.08 01:42:24 | 000,098,304 | ---- | M] () -- C:\Programme\Sceneo\Bonavista\Services\PVR\tvtvRemote.dll MOD - [2005.07.25 14:36:40 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe MOD - [2004.04.23 17:01:00 | 000,299,008 | ---- | M] () -- C:\WINDOWS\system32\midas.dll ========== Services (SafeList) ========== SRV - [2013.04.07 10:54:58 | 001,156,400 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\dmwu.exe -- (IBUpdaterService) SRV - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2013.01.31 13:27:02 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV - [2012.11.02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.23 22:28:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8) SRV - [2006.11.06 15:21:10 | 000,210,432 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.24 11:14:44 | 001,441,280 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe -- (srvcPVR) SRV - [2006.04.24 15:25:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2005.10.06 19:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS) SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) SRV - [2001.11.12 15:31:48 | 000,020,480 | ---- | M] (X10) [Disabled | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Wbutton.sys -- (Wbutton) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (mailKmd) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013.04.11 03:18:40 | 000,302,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012.12.10 04:28:36 | 000,142,176 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2012.11.08 04:49:26 | 000,250,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter) DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2006.10.12 14:57:34 | 001,053,824 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PhilCap.sys -- (PhilCap) DRV - [2006.10.10 09:54:34 | 000,138,240 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent) DRV - [2006.10.10 09:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port) DRV - [2006.10.10 09:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem) DRV - [2006.10.10 09:54:32 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic) DRV - [2006.09.22 14:14:10 | 004,381,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) DRV - [2006.08.02 02:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2006.06.17 21:36:32 | 000,083,968 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006.04.05 18:47:20 | 000,891,008 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial) DRV - [2005.12.22 18:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2005.11.28 12:45:16 | 000,007,040 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid) DRV - [2005.11.16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2005.11.01 19:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2005.05.19 17:52:58 | 000,017,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF) DRV - [2003.04.28 12:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www2.delta-search.com/?affID=121845&tt=gc_&babsrc=HP_ss&mntrId=70AC0018DEA0D0B8 IE - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www2.delta-search.com/?affID=121845&tt=gc_&babsrc=HP_ss&mntrId=70AC0018DEA0D0B8 IE - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found IE - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&affID=121845&tt=gc_&babsrc=SP_ss&mntrId=70AC0018DEA0D0B8 IE - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = hxxp://www.searchqu.com/web?src=ieb&q={SearchTerms} IE - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb203?a=6PQzodXzkC&search={searchTerms}&i=26 IE - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.order.1: "Delta Search" FF - prefs.js..browser.search.selectedEngine: "Delta Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www2.delta-search.com/?affID=121845&tt=gc_&babsrc=HP_ss&mntrId=70AC0018DEA0D0B8" FF - prefs.js..extensions.enabledAddons: ffxtlbr@incredibar.com:1.5.0 FF - prefs.js..extensions.enabledAddons: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189 FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.3.4 FF - prefs.js..extensions.enabledAddons: {FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}:2.0.0.568 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Programme\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG2012\Firefox4\ [2013.05.02 21:56:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Programme\Web Assistant\Firefox [2013.05.02 21:48:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Programme\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.30 21:24:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Programme\Web Assistant\Firefox [2013.05.02 21:48:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.23 22:28:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.06.13 00:19:12 | 000,000,000 | ---D | M] [2010.01.31 17:31:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Extensions [2013.05.04 16:39:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default\extensions [2010.05.01 22:32:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.06.03 23:45:10 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default\extensions\ffxtlbr@incredibar.com [2013.05.02 22:30:00 | 000,515,433 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default\extensions\toolbar@gmx.net.xpi [2013.05.02 22:58:47 | 000,001,050 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default\searchplugins\11-suche.xml [2013.05.02 22:31:31 | 000,006,506 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default\searchplugins\babylon.xml [2013.05.02 22:29:45 | 000,006,503 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default\searchplugins\BrowserProtect.xml [2013.05.02 22:31:01 | 000,001,294 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default\searchplugins\delta.xml [2013.05.02 22:58:47 | 000,002,418 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default\searchplugins\englische-ergebnisse.xml [2013.05.02 22:58:47 | 000,010,701 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default\searchplugins\gmx-suche.xml [2013.05.02 22:58:47 | 000,002,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default\searchplugins\lastminute.xml [2013.05.04 16:40:03 | 000,002,120 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default\searchplugins\MyStart Search.xml [2013.05.02 22:58:47 | 000,005,682 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default\searchplugins\webde-suche.xml [2012.03.18 15:01:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.05.31 22:26:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\SEBASTIAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZNA6YPTG.DEFAULT\EXTENSIONS\{5A95A9E0-59DD-4314-BD84-4D18CA83A0E2} File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\SEBASTIAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZNA6YPTG.DEFAULT\EXTENSIONS\FFXTLBR@DELTA.COM File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\SEBASTIAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZNA6YPTG.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM [2012.07.30 21:24:17 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAMME\AVG\AVG2012\FIREFOX\DONOTTRACK [2013.05.02 21:48:13 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAMME\WEB ASSISTANT\FIREFOX [2012.06.23 22:28:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2012.06.23 22:28:02 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.05.02 22:29:45 | 000,006,503 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml [2012.06.23 22:28:02 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.23 22:28:02 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.23 22:28:02 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.23 22:28:02 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.23 22:28:02 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.03.24 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\..\Toolbar\ShellBrowser: (no name) - {61628E2A-4FF9-4454-992D-D92A8CD27399} - No CLSID value found. O3 - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe (Wistron) O4 - HKLM..\Run: [InstantOn] C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe () O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\Home Cinema\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSD.exe (Wistron) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\Wbutton.exe () O4 - HKU\.DEFAULT..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-18..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-21-1985724923-4270092327-515847459-1007..\Run: [EPSON Stylus DX9400F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-1985724923-4270092327-515847459-1007..\Run: [TVBroadcast] C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O15 - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\..Trusted Domains: fachschaft-zahnmedizin.de ([www] https in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\..Trusted Domains: uni-muenchen.de ([bow.dent.med] https in Vertrauenswürdige Sites) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163614636698 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B3DBA61-64CC-4E53-9AEE-8406768791B5}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.11.15 19:12:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.02 23:45:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.05.02 22:32:45 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys [2013.05.02 22:32:45 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys [2013.05.02 22:32:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\AnySend [2013.05.02 22:32:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AnySend [2013.05.02 22:31:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Startmenü\Programme\BrowserProtect [2013.05.02 22:30:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect [2013.05.02 22:30:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\DSite [2013.05.02 22:29:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer [2013.05.02 22:29:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2013.05.02 22:29:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Babylon [2013.05.02 21:56:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG [2013.05.02 21:53:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\jmdp [2013.05.02 21:49:09 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll [2013.05.02 21:49:09 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll [2013.05.02 21:49:09 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll [2013.05.02 21:49:08 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll [2013.05.02 21:49:08 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll [2013.05.02 21:49:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ARFC [2013.05.02 21:48:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WNLT [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Sebastian\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Sebastian\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.04 16:50:00 | 119,247,602 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2013.05.04 16:49:21 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.05.04 16:42:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.05.04 16:40:50 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2013.05.04 16:39:49 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.05.04 16:39:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.05.04 16:39:10 | 1071,828,992 | -HS- | M] () -- C:\hiberfil.sys [2013.05.04 16:39:10 | 000,317,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.05.03 00:15:47 | 000,464,810 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.05.03 00:15:47 | 000,446,152 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.05.03 00:15:47 | 000,087,006 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.05.03 00:15:47 | 000,073,358 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.05.03 00:07:29 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.05.02 23:41:38 | 000,000,873 | ---- | M] () -- C:\WINDOWS\uninst.ini [2013.05.02 22:33:29 | 000,001,232 | ---- | M] () -- C:\WINDOWS\pstudio.ini [2013.05.02 22:33:27 | 000,000,028 | ---- | M] () -- C:\WINDOWS\album.ini [2013.05.02 22:31:40 | 000,000,000 | ---- | M] () -- C:\end [2013.05.02 22:31:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat [2013.05.02 21:56:19 | 000,000,702 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2012.lnk [2013.04.11 03:18:40 | 000,302,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2013.04.07 10:54:58 | 001,156,400 | ---- | M] () -- C:\WINDOWS\System32\dmwu.exe [2013.04.07 10:52:34 | 000,027,136 | ---- | M] () -- C:\WINDOWS\System32\ImHttpComm.dll [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Sebastian\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Sebastian\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.02 23:41:38 | 000,000,873 | ---- | C] () -- C:\WINDOWS\uninst.ini [2013.05.02 22:31:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat [2013.05.02 22:31:23 | 000,000,000 | ---- | C] () -- C:\end [2013.05.02 21:49:08 | 001,156,400 | ---- | C] () -- C:\WINDOWS\System32\dmwu.exe [2013.05.02 21:49:08 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\ImHttpComm.dll [2012.07.30 21:34:51 | 000,010,455 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\TheresaS_elster_2048.pfx [2012.03.18 18:09:07 | 000,000,062 | ---- | C] () -- C:\WINDOWS\pcvcdbr.INI [2012.03.18 18:09:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcvcdvw.INI [2012.02.16 01:15:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2008.07.15 13:59:33 | 000,018,944 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.05.12 09:13:35 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2007.05.12 08:24:24 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Default.PLS [2007.05.12 08:24:22 | 000,000,142 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2006.11.15 19:08:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 124 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0B4227B4 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 04.05.2013 16:49:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Sebastian\Eigene Dateien\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1022,11 Mb Total Physical Memory | 256,64 Mb Available Physical Memory | 25,11% Memory free
2,40 Gb Paging File | 1,57 Gb Available in Paging File | 65,37% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 133,43 Gb Total Space | 112,64 Gb Free Space | 84,42% Space Free | Partition Type: NTFS
Drive D: | 15,60 Gb Total Space | 7,13 Gb Free Space | 45,72% Space Free | Partition Type: FAT32
Computer Name: STOIBER-PRIVAT | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1985724923-4270092327-515847459-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:enabled:Remoteunterstützung -- (Microsoft Corporation)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation)
"C:\Programme\NetMeeting\Conf.exe" = C:\Programme\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)
"C:\Programme\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe" = C:\Programme\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome -- (Nero AG)
"C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:enabled:Nero Home -- (Nero AG)
"C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroUpgrade.exe" = C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroUpgrade.exe:*:enabled:Nero Upgrade -- (Nero AG)
"C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe" = C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe:*:enabled:Nero Setup -- (Nero AG)
"C:\Programme\Sceneo\Bonavista\VMedia\BVD.exe" = C:\Programme\Sceneo\Bonavista\VMedia\BVD.exe:*:enabled:Sceneo Bonavista -- (Buhl Data Service GmbH)
"C:\Programme\Sonavis\TVsweeper\\TVsweeper.exe" = C:\Programme\Sonavis\TVsweeper\\TVsweeper.exe:*:enabled:TVsweeper
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:enabled:Remoteunterstützung -- (Microsoft Corporation)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation)
"C:\Programme\NetMeeting\Conf.exe" = C:\Programme\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)
"C:\Programme\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe" = C:\Programme\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome -- (Nero AG)
"C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:enabled:Nero Home -- (Nero AG)
"C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroUpgrade.exe" = C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroUpgrade.exe:*:enabled:Nero Upgrade -- (Nero AG)
"C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe" = C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe:*:enabled:Nero Setup -- (Nero AG)
"C:\Programme\Sceneo\Bonavista\VMedia\BVD.exe" = C:\Programme\Sceneo\Bonavista\VMedia\BVD.exe:*:enabled:Sceneo Bonavista -- (Buhl Data Service GmbH)
"C:\Programme\Sonavis\TVsweeper\\TVsweeper.exe" = C:\Programme\Sonavis\TVsweeper\\TVsweeper.exe:*:enabled:TVsweeper
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Internet Explorer\IEXPLORE.EXE" = C:\Programme\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen -- (Microsoft Corporation)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\AVG\AVG10\avgmfapx.exe" = C:\Programme\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\AVG\AVG2012\avgmfapx.exe" = C:\Programme\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu -- ()
"C:\WINDOWS\system32\ARFC\wrtc.exe" = C:\WINDOWS\system32\ARFC\wrtc.exe:*:Enabled:wrtc -- ()
"C:\Programme\AVG\AVG2012\avgnsx.exe" = C:\Programme\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG2012\avgdiagex.exe" = C:\Programme\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnose 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG2012\avgemcx.exe" = C:\Programme\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal eMail-Scanner -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02091327-B124-4216-9D71-58C0E24F5392}" = Nokia PC Suite
"{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.568
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BFFC6B8-4EC0-4240-858C-998FD4077983}" = Nokia Connectivity Cable Driver
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows-Journal-Viewer
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo Bonavista
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5B12F363-E816-4204-99F0-6F3B0817D588}" = AVG 2012
"{5B8072B3-A576-4C0B-99BC-FAA7145A1031}" = Nero 7 Essentials
"{66DF4C55-0D5A-4784-B06A-E21376139400}" = AVG 2012
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.3.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 5.0
"{E0A1559B-9886-11D4-8D06-0050DA284A39}" = Scan Manager 5.2
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FAF88B432344413595BB2DED98385684}" = DivX User Guide
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"4CFD94C379217A02D5EA067615FF789CD731BCDB" = Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArcSoft PhotoBase" = ArcSoft PhotoBase
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"AVG" = AVG 2012
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon ScanGear Toolbox 3.0" = Canon ScanGear Toolbox 3.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ElsterFormular" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX9300F_DX9400F Benutzerhandbuch" = EPSON Stylus CX9300F_DX9400F Handbuch
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSNINST" = MSN
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0
"PhotoStitch" = Canon Utilities PhotoStitch
"ProInst" = Intel(R) PROSet/Wireless Software
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tweak UI 2.10" = Tweak UI
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Media Center Edition Screen Saver Screen Saver" = Windows XP Media Center Edition Screen Saver Screen Saver
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"WMCSetup" = Windows Media Connect
"WNLT" = IB Updater Service
"X10Hardware" = X10 Hardware(TM)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.02.2013 16:44:12 | Computer Name = STOIBER-PRIVAT | Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80070422: InitEventCollector
fail
Error - 15.02.2013 16:45:05 | Computer Name = STOIBER-PRIVAT | Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80070422: InitEventCollector
fail
Error - 15.02.2013 16:45:09 | Computer Name = STOIBER-PRIVAT | Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80070422: InitEventCollector
fail
Error - 02.05.2013 15:43:07 | Computer Name = STOIBER-PRIVAT | Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80070422: InitEventCollector
fail
Error - 02.05.2013 15:42:24 | Computer Name = STOIBER-PRIVAT | Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80070422: InitEventCollector
fail
Error - 02.05.2013 15:42:35 | Computer Name = STOIBER-PRIVAT | Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80070422: InitEventCollector
fail
Error - 04.05.2013 10:40:22 | Computer Name = STOIBER-PRIVAT | Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80070422: InitEventCollector
fail
Error - 04.05.2013 10:40:57 | Computer Name = STOIBER-PRIVAT | Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80070422: InitEventCollector
fail
Error - 04.05.2013 10:41:09 | Computer Name = STOIBER-PRIVAT | Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80070422: InitEventCollector
fail
Error - 04.05.2013 10:46:24 | Computer Name = STOIBER-PRIVAT | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: PresentationFramework, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
. Error code = 0x80070020
[ System Events ]
Error - 04.05.2013 10:41:09 | Computer Name = STOIBER-PRIVAT | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "COMSysApp"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
Error - 04.05.2013 10:41:22 | Computer Name = STOIBER-PRIVAT | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ServiceLayer"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
Error - 04.05.2013 10:41:24 | Computer Name = STOIBER-PRIVAT | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ServiceLayer"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
Error - 04.05.2013 10:41:31 | Computer Name = STOIBER-PRIVAT | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ServiceLayer"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
Error - 04.05.2013 10:41:39 | Computer Name = STOIBER-PRIVAT | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ServiceLayer"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
Error - 04.05.2013 10:41:41 | Computer Name = STOIBER-PRIVAT | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ServiceLayer"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
Error - 04.05.2013 10:41:43 | Computer Name = STOIBER-PRIVAT | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ServiceLayer"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
Error - 04.05.2013 10:41:44 | Computer Name = STOIBER-PRIVAT | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ServiceLayer"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
Error - 04.05.2013 10:41:46 | Computer Name = STOIBER-PRIVAT | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ServiceLayer"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
Error - 04.05.2013 10:41:48 | Computer Name = STOIBER-PRIVAT | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ServiceLayer"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
< End of report >
Geändert von Philie (04.05.2013 um 16:46 Uhr) |
|
04.05.2013, 19:53
| #2 |
| /// Malwareteam / Visitor  | Incredibar entfernen! Hi Philie
__________________Ich bin gespannt ob Zoek auch hier der Lösung sein kann? Systemscan mit ZOEK Bitte lade die zoek.exe von hier: http://hijackthis.nl/smeenk/
|
|
04.05.2013, 21:10
| #3 |
| | Incredibar entfernen! Gesagt getan!
__________________Code:
ATTFilter
Zoek.exe Version 4.0.0.2 Updated 03-May-2013
Tool run by Sebastian on 04.05.2013 at 21:59:19,40.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
==== Older Logs ======================
C:\zoek-results04.05.2013-2157.log 214 bytes
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Files \ Folders ======================
"C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\DSite" deleted
"C:\WINDOWS\System32\jmdp" deleted
"C:\WINDOWS\System32\ARFC" deleted
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
2013-05-02 21:41:38 8BC5260197A59C02A6E103B2A71AC421 873 ----a-w- C:\WINDOWS\uninst.ini
====== C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp ====
====== C:\WINDOWS\system32 =====
2013-05-02 20:31:36 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\WINDOWS\System32\TempWmicBatchFile.bat
2013-05-02 19:49:09 C9564CF4976E7E96B4052737AA2492B4 632656 ----a-w- C:\WINDOWS\System32\msvcr80.dll
2013-05-02 19:49:09 1D109ED0D660654EA7FF1574558031C4 479232 ----a-w- C:\WINDOWS\System32\msvcm80.dll
2013-05-02 19:49:09 188E68005ED62F32248032C65CB4DE96 1870 ----a-w- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest
2013-05-02 19:49:09 0B3595A4FF0B36D68E5FC67FD7D70FDC 554832 ----a-w- C:\WINDOWS\System32\msvcp80.dll
2013-05-02 19:49:08 BC83108B18756547013ED443B8CDB31B 421200 ----a-w- C:\WINDOWS\System32\msvcp100.dll
2013-05-02 19:49:08 0E37FBFA79D349D672456923EC5FBBE3 773968 ----a-w- C:\WINDOWS\System32\msvcr100.dll
====== C:\WINDOWS\system32\drivers =====
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Programme =====
======= C: =====
2013-05-04 15:47:57 3EE541C63CCFA2CDAFE95E8FAABEC55B 1572 ----a-w- C:\DelFix.txt
====== C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten ======
2013-05-02 20:32:38 -------- d-----w- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\AnySend
2013-05-02 20:32:19 -------- d-----w- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AnySend
====== C:\Dokumente und Einstellungen\Sebastian ======
====== C: exe-files ==
2013-05-04 15:54:30 788FCDDD88240A85039F7F561093B118 448512 ----a-w- C:\Dokumente und Einstellungen\Sebastian\Eigene Dateien\Downloads\TFC.exe
2013-05-02 22:08:43 200400F735A399A6047010CC60C04D94 234872 -c----w- C:\WINDOWS\ie7updates\KB2817183-IE7\spuninst\spuninst.exe
2013-05-02 22:08:37 F77E696991FED3B92E09AC0CE91E9BCA 643104 -c----w- C:\WINDOWS\ie7updates\KB2817183-IE7\iexplore.exe
2013-05-02 22:08:37 B595B309F354262DE45FC8CEC18BB9CD 70656 -c----w- C:\WINDOWS\ie7updates\KB2817183-IE7\ie4uinit.exe
2013-05-02 22:08:37 2ED7BCA268D0661B6EAC9B9C20576767 13824 -c----w- C:\WINDOWS\ie7updates\KB2817183-IE7\ieudinit.exe
2013-05-02 20:34:45 B0E3575D67B3B5B2E28EE107AC8161C6 6268080 ----a-w- C:\Dokumente und Einstellungen\Sebastian\Eigene Dateien\Downloads\speedupmypc.exe
2013-05-02 20:27:40 905BCE7FCB2EC120BCA61583DC5E8EE1 685624 ----a-w- C:\Dokumente und Einstellungen\Sebastian\Eigene Dateien\Downloads\AnySendSetup.exe
2013-05-02 20:03:47 A04143549394CC3ED6CCD75778230185 161992 ----a-w- C:\Dokumente und Einstellungen\Sebastian\Eigene Dateien\Downloads\7ZipSetup.exe
2013-05-02 19:44:00 74E337FFEB2B34043F8499D2F3DE03A8 59784 ----atw- C:\Programme\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe
2013-05-02 19:44:00 376ECCCE33C2C232112DE830E3C81763 59784 ----atw- C:\Programme\Google\Update\1.3.21.135\GoogleUpdateBroker.exe
2013-05-02 19:43:59 984CC93BB0EF86A0B4825269D8379D81 774424 ----a-w- C:\Programme\Google\Update\1.3.21.135\GoogleUpdateSetup.exe
2013-05-02 19:43:50 BECDDA0990DEBD72A30096533521AD73 213384 ----atw- C:\Programme\Google\Update\1.3.21.135\GoogleCrashHandler.exe
2013-05-02 19:43:50 B676429E44F2F8ACC3BAE7C89F46B212 281480 ----atw- C:\Programme\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
2013-05-02 19:43:49 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Programme\Google\Update\1.3.21.135\GoogleUpdate.exe
2013-05-02 19:43:37 984CC93BB0EF86A0B4825269D8379D81 774424 ----a-w- C:\Programme\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.135\GoogleUpdateSetup.exe
2013-05-02 19:43:25 96741889929C52F21BD6221489ADD0FB 6095408 ----a-w- C:\Programme\AVG\AVG2012\avgmfapx.exe
=== C: other files ==
2013-05-02 20:32:45 B4D7B7AD8A9F7C063C5CC3E2C1A0724E 12928 -c----w- C:\WINDOWS\system32\dllcache\usb8023x.sys
2013-05-02 20:32:45 B4D7B7AD8A9F7C063C5CC3E2C1A0724E 12928 ------w- C:\WINDOWS\Driver Cache\i386\usb8023x.sys
2013-05-02 20:32:45 2A7A8AD9D39A2FAF9D9293B5DAFF3A4B 12928 -c----w- C:\WINDOWS\system32\dllcache\usb8023.sys
2013-05-02 20:31:36 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\WINDOWS\system32\TempWmicBatchFile.bat
2013-05-02 19:51:58 B4B9E960ED7FF22C09A63C85DE4087F4 274144 ----a-w- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2012\IDS\config\internalList.zip
==== Startup Registry Enabled ======================
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
"PcSync"="C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
[HKEY_USERS\S-1-5-21-1985724923-4270092327-515847459-1007\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"TVBroadcast"="C:\Programme\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe"
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe /background"
"EPSON Stylus DX9400F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU C:\WINDOWS\TEMP\E_SA5.tmp /EF HKCU"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
"PcSync"="C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"LaunchAp"="C:\Programme\Launch Manager\LaunchAp.exe"
"CtrlVol"="C:\Programme\Launch Manager\CtrlVol.exe"
"LMgrOSD"="C:\Programme\Launch Manager\OSD.exe"
"Wbutton"="C:\Programme\Launch Manager\Wbutton.exe"
"SMSERIAL"="C:\WINDOWS\sm56hlpr.exe"
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe"
"IntelZeroConfig"="C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
"IntelWireless"="C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless"
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe"
"LanguageShortcut"="C:\Programme\Home Cinema\PowerDVD\Language\Language.exe"
"InstantOn"="C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "
"GrooveMonitor"="C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"PCSuiteTrayApplication"="C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup"
"AVG_TRAY"="C:\Programme\AVG\AVG2012\avgtray.exe"
"APSDaemon"="C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe -atboottime"
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"TVBroadcast"="C:\Programme\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe"
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe /background"
"EPSON Stylus DX9400F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU C:\WINDOWS\TEMP\E_SA5.tmp /EF HKCU"
==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ C:\Programme\Apple Software Update\SoftwareUpdate.exe [01.06.2011 17:57]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Programme\Google\Update\GoogleUpdate.exe [25.05.2012 23:50]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Programme\Google\Update\GoogleUpdate.exe [25.05.2012 23:50]
==== Firefox Extensions ======================
ProfilePath: C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default
- AVG Do Not Track - C:\Programme\AVG\AVG2012\Firefox\DoNotTrack
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- GMX MailCheck - %ProfilePath%\extensions\toolbar@gmx.net.xpi
==== Firefox Plugins ======================
Profilepath: C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default
E0FF893763BA82BAABB869A351F0C455 - C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll - Google Update
A5C14075B571AF1C9592595BE724D9D2 - c:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll - Silverlight Plug-In
D8EBF6A12964A58C10914DA54E175538 - C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.2
F9BBFA16FB90CE6C281FA769FCBFCFF4 - C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.2
EBFEBE105BA936529CB7D35640E358A6 - C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.2
3245033EBD85FE35C8B3255F1350C7EF - C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.2
B0974502837C3DF3665A11C1B79F0EB1 - C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.2
9F272BED5CE931D6D1444FAC6ECF3B6B - C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.2
26D2308F97CED4E9090B7A20DC869F9E - C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.7.2
7A1E2AF50DDCDD49C114C1099DBEF6E1 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.50.255
D0DA6B2FB50A0667CF4BACC2AEFEA009 - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U5
D28AD1CB902AC6D228532812D3850C7D - C:\Programme\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
5789773089BC334C56CC31833F20DAF6 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash
47AFF25B68CE4885FEC6CFDEF8FEBB5C - C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll - Java Deployment Toolkit 6.0.290.11
24E990B1E6D55428001843CF7217DD81 - C:\Programme\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox
3571F132FF4D3E61C8C913C2C5DE9929 - C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll - DivX Player Netscape Plugin
2135BD9615F6FCAA160E390F88F0956D - C:\Programme\DivX\DivX Web Player\npdivx32.dll - DivX Web Player
8BA469072B5A692B659F856C7E97A230 - C:\Programme\Canon\ZoomBrowser EX\Program\NPCIG.dll - NPCIG.dll
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
6C7B4DAF6190083D8771E1262FD9FFD2 - C:\Programme\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll - Adobe Acrobat
D8EBF6A12964A58C10914DA54E175538 - C:\Programme\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.2
F9BBFA16FB90CE6C281FA769FCBFCFF4 - C:\Programme\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.2
EBFEBE105BA936529CB7D35640E358A6 - C:\Programme\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.2
3245033EBD85FE35C8B3255F1350C7EF - C:\Programme\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.2
B0974502837C3DF3665A11C1B79F0EB1 - C:\Programme\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.2
9F272BED5CE931D6D1444FAC6ECF3B6B - C:\Programme\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.2
26D2308F97CED4E9090B7A20DC869F9E - C:\Programme\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.2
2135BD9615F6FCAA160E390F88F0956D - C:\Programme\Opera\program\plugins\npdivx32.dll - DivX Web Player
3459C7D985157FBE6CAE19DA0935364C - C:\Programme\Opera\program\plugins\npqtplugin7.dll - QuickTime Plug-in 7.5 (861)
318E048793772D4134D63FC4AD778665 - C:\Programme\Opera\program\plugins\npqtplugin6.dll - QuickTime Plug-in 7.5 (861)
75CC2DA77833C869D29B045A8D57DC5B - C:\Programme\Opera\program\plugins\npqtplugin5.dll - QuickTime Plug-in 7.5 (861)
82EF79A6F74FC0F888A02C2C4C86FBC2 - C:\Programme\Opera\program\plugins\npqtplugin4.dll - QuickTime Plug-in 7.5 (861)
327363962F4F3DC5C60BCCDD3E6D4FD4 - C:\Programme\Opera\program\plugins\npqtplugin3.dll - QuickTime Plug-in 7.5 (861)
7510F4EA228BD5C4BE90180112F25E6A - C:\Programme\Opera\program\plugins\npqtplugin2.dll - QuickTime Plug-in 7.5 (861)
F2A667B94AC4CE736818A56EAFC84630 - C:\Programme\Opera\program\plugins\npqtplugin.dll - QuickTime Plug-in 7.5 (861)
47AFF25B68CE4885FEC6CFDEF8FEBB5C - C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll - Java Deployment Toolkit 6.0.290.11
2AA3703D87E1327A2290C9D416D89A28 - c:\Programme\Microsoft Silverlight\5.1.20125.0\npctrlui.dll - Microsoft® Silverlight
F630B4A9D9C1AAF6BBABBB41E9BD45B5 - C:\WINDOWS\system32\npptools.dll - Betriebssystem Microsoft® Windows®
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ndibdjnfmopecpmkdieinmbadjfpblof - C:\Programme\AVG\AVG2012\Chrome\donottrack.crx[20.04.2012 06:18]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"ICQ Search"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"ICQ Search"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5 emptied successfully
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
After Reboot
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
"C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat" not found
|
|
04.05.2013, 21:47
| #4 |
| /// Malwareteam / Visitor | Incredibar entfernen! Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Mach auch eine neue Scan mit OTL und poste mir der neue Log  |
|
04.05.2013, 22:50
| #5 |
| | Incredibar entfernen! bittesehr! AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.300 - Datei am 04/05/2013 um 23:19:54 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer :
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Sebastian\Eigene Dateien\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v7.0.6000.17128
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v13.0.1 (de)
Datei : C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [802 octets] - [04/05/2013 23:19:54]
########## EOF - C:\AdwCleaner[S1].txt - [861 octets] ##########
--- --- --- OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.05.2013 23:34:02 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Sebastian\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1022,11 Mb Total Physical Memory | 491,34 Mb Available Physical Memory | 48,07% Memory free 2,40 Gb Paging File | 1,98 Gb Available in Paging File | 82,56% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 133,43 Gb Total Space | 114,01 Gb Free Space | 85,45% Space Free | Partition Type: NTFS Drive D: | 15,60 Gb Total Space | 7,13 Gb Free Space | 45,72% Space Free | Partition Type: FAT32 Computer Name: | User Name:| Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.04 23:33:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sebastian\Desktop\OTL.exe PRC - [2013.05.02 01:33:29 | 004,858,456 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2013.05.02 01:33:29 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.06.23 22:28:06 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.05.24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe PRC - [2012.01.17 11:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.11.28 15:12:12 | 000,222,720 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe PRC - [2006.10.24 11:14:44 | 001,441,280 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe PRC - [2006.10.20 00:43:00 | 000,814,080 | ---- | M] (ODSoft multimedia) -- C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe PRC - [2006.08.02 01:38:30 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2006.08.02 01:32:44 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe PRC - [2006.07.10 20:02:46 | 000,086,016 | ---- | M] () -- C:\Programme\Launch Manager\WButton.exe PRC - [2006.04.24 15:25:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe PRC - [2006.04.05 18:36:52 | 000,565,248 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe PRC - [2005.07.25 14:36:40 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe PRC - [2005.03.16 14:52:02 | 000,204,800 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\OSD.exe PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE ========== Modules (No Company Name) ========== MOD - [2013.05.04 21:38:42 | 002,082,816 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\13050401\algo.dll MOD - [2012.06.23 22:28:06 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2011.02.04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008.03.25 06:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll MOD - [2006.09.16 22:19:36 | 000,126,976 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2006.08.02 01:26:20 | 000,118,784 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll MOD - [2006.08.02 01:24:54 | 000,348,160 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll MOD - [2006.07.10 20:02:46 | 000,086,016 | ---- | M] () -- C:\Programme\Launch Manager\WButton.exe MOD - [2006.06.08 01:42:24 | 000,098,304 | ---- | M] () -- C:\Programme\Sceneo\Bonavista\Services\PVR\tvtvRemote.dll MOD - [2005.07.25 14:36:40 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe MOD - [2004.04.23 17:01:00 | 000,299,008 | ---- | M] () -- C:\WINDOWS\system32\midas.dll ========== Services (SafeList) ========== SRV - [2013.05.04 22:53:43 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.02 01:33:29 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.23 22:28:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8) SRV - [2006.11.06 15:21:10 | 000,210,432 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.24 11:14:44 | 001,441,280 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe -- (srvcPVR) SRV - [2006.04.24 15:25:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2005.10.06 19:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS) SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) SRV - [2001.11.12 15:31:48 | 000,020,480 | ---- | M] (X10) [Disabled | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Wbutton.sys -- (Wbutton) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (mailKmd) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013.05.02 16:52:41 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm) DRV - [2013.05.02 01:34:09 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2013.05.02 01:34:09 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2013.05.02 01:34:09 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2013.05.02 01:34:09 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt) DRV - [2013.05.02 01:34:08 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2013.05.02 01:34:08 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2013.05.02 01:34:07 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2006.10.12 14:57:34 | 001,053,824 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PhilCap.sys -- (PhilCap) DRV - [2006.10.10 09:54:34 | 000,138,240 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent) DRV - [2006.10.10 09:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port) DRV - [2006.10.10 09:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem) DRV - [2006.10.10 09:54:32 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic) DRV - [2006.09.22 14:14:10 | 004,381,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) DRV - [2006.08.02 02:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2006.06.17 21:36:32 | 000,083,968 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006.04.05 18:47:20 | 000,891,008 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial) DRV - [2005.12.22 18:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2005.11.28 12:45:16 | 000,007,040 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid) DRV - [2005.11.16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2005.11.01 19:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2005.05.19 17:52:58 | 000,017,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF) DRV - [2003.04.28 12:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.5.1 FF - prefs.js..extensions.enabledAddons: wrc@avast.com:8.0.1488 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Programme\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2013.05.04 22:39:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.23 22:28:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.06.13 00:19:12 | 000,000,000 | ---D | M] [2010.01.31 17:31:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Extensions [2013.05.04 17:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default\extensions [2010.05.01 22:32:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.05.02 22:30:00 | 000,515,433 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default\extensions\toolbar@gmx.net.xpi [2013.05.02 22:58:47 | 000,002,418 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default\searchplugins\englische-ergebnisse.xml [2013.05.02 22:58:47 | 000,010,701 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default\searchplugins\gmx-suche.xml [2013.05.02 22:58:47 | 000,002,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default\searchplugins\lastminute.xml [2013.05.02 22:58:47 | 000,005,682 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\zna6yptg.default\searchplugins\webde-suche.xml [2012.03.18 15:01:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.05.31 22:26:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.05.04 22:39:51 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAMME\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.06.23 22:28:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2012.06.23 22:28:02 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.23 22:28:02 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.23 22:28:02 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.23 22:28:02 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.23 22:28:02 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.23 22:28:02 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.03.24 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\..\Toolbar\ShellBrowser: (no name) - {61628E2A-4FF9-4454-992D-D92A8CD27399} - No CLSID value found. O3 - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe (Wistron) O4 - HKLM..\Run: [InstantOn] C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe () O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\Home Cinema\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSD.exe (Wistron) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\Wbutton.exe () O4 - HKU\.DEFAULT..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-18..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-21-1985724923-4270092327-515847459-1007..\Run: [EPSON Stylus DX9400F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-1985724923-4270092327-515847459-1007..\Run: [TVBroadcast] C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O15 - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\..Trusted Domains: fachschaft-zahnmedizin.de ([www] https in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-1985724923-4270092327-515847459-1007\..Trusted Domains: uni-muenchen.de ([bow.dent.med] https in Vertrauenswürdige Sites) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163614636698 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1367700849064 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B5CC2A6-BDDA-43A9-833F-E7C9398BBB9C}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.11.15 19:12:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.04 23:33:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sebastian\Desktop\OTL.exe [2013.05.04 22:53:42 | 000,691,592 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.05.04 22:40:15 | 000,368,944 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2013.05.04 22:40:15 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2013.05.04 22:40:15 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2013.05.04 22:40:15 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2013.05.04 22:40:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus [2013.05.04 22:40:14 | 000,765,736 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2013.05.04 22:40:14 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys [2013.05.04 22:40:13 | 000,229,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2013.05.04 22:39:36 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2013.05.04 22:39:04 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software [2013.05.04 22:38:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2013.05.04 22:24:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\TuneUp Software [2013.05.04 22:04:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp [2013.05.04 20:56:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [2013.05.04 17:47:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2013.05.02 22:32:45 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys [2013.05.02 22:32:45 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys [2013.05.02 22:32:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\AnySend [2013.05.02 22:32:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AnySend [2013.05.02 21:49:09 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll [2013.05.02 21:49:09 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll [2013.05.02 21:49:09 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll [2013.05.02 21:49:08 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll [2013.05.02 21:49:08 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll [1 C:\Dokumente und Einstellungen\Sebastian\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Sebastian\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.04 23:33:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sebastian\Desktop\OTL.exe [2013.05.04 23:22:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.05.04 23:22:42 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2013.05.04 23:22:30 | 000,000,314 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2013.05.04 23:21:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.05.04 23:21:53 | 1071,828,992 | -HS- | M] () -- C:\hiberfil.sys [2013.05.04 23:01:52 | 000,000,700 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2013.05.04 22:53:44 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.05.04 22:53:42 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.05.04 22:53:41 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.05.04 22:40:15 | 000,001,657 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk [2013.05.04 22:40:14 | 000,002,951 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2013.05.04 21:59:17 | 000,024,064 | ---- | M] () -- C:\WINDOWS\zoek-delete.exe [2013.05.04 17:55:31 | 000,464,810 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.05.04 17:55:31 | 000,446,152 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.05.04 17:55:31 | 000,087,006 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.05.04 17:55:31 | 000,073,358 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.05.04 16:39:10 | 000,317,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.05.03 00:07:29 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.05.02 23:41:38 | 000,000,873 | ---- | M] () -- C:\WINDOWS\uninst.ini [2013.05.02 22:33:29 | 000,001,232 | ---- | M] () -- C:\WINDOWS\pstudio.ini [2013.05.02 22:33:27 | 000,000,028 | ---- | M] () -- C:\WINDOWS\album.ini [2013.05.02 22:31:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat [2013.05.02 16:52:41 | 000,174,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2013.05.02 01:34:09 | 000,765,736 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2013.05.02 01:34:09 | 000,368,944 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2013.05.02 01:34:09 | 000,056,080 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2013.05.02 01:34:09 | 000,049,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys [2013.05.02 01:34:08 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys [2013.05.02 01:34:08 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2013.05.02 01:34:07 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2013.05.02 01:33:35 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2013.05.02 01:33:27 | 000,229,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [1 C:\Dokumente und Einstellungen\Sebastian\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Sebastian\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.04 23:01:50 | 000,000,700 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2013.05.04 22:53:44 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.05.04 22:40:15 | 000,001,657 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk [2013.05.04 22:40:14 | 000,174,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2013.05.04 22:40:14 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys [2013.05.04 22:40:14 | 000,000,314 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2013.05.04 22:04:22 | 000,024,064 | ---- | C] () -- C:\WINDOWS\zoek-delete.exe [2013.05.02 23:41:38 | 000,000,873 | ---- | C] () -- C:\WINDOWS\uninst.ini [2013.05.02 22:31:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat [2012.07.30 21:34:51 | 000,010,455 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\TheresaS_elster_2048.pfx [2012.03.18 18:09:07 | 000,000,062 | ---- | C] () -- C:\WINDOWS\pcvcdbr.INI [2012.03.18 18:09:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcvcdvw.INI [2012.02.16 01:15:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2008.07.15 13:59:33 | 000,018,944 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.05.12 09:13:35 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2007.05.12 08:24:24 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Default.PLS [2007.05.12 08:24:22 | 000,000,142 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2006.11.15 19:08:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 124 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0B4227B4 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 04.05.2013 23:34:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Sebastian\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1022,11 Mb Total Physical Memory | 491,34 Mb Available Physical Memory | 48,07% Memory free
2,40 Gb Paging File | 1,98 Gb Available in Paging File | 82,56% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 133,43 Gb Total Space | 114,01 Gb Free Space | 85,45% Space Free | Partition Type: NTFS
Drive D: | 15,60 Gb Total Space | 7,13 Gb Free Space | 45,72% Space Free | Partition Type: FAT32
Computer Name: | User Name:| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:enabled:Remoteunterstützung -- (Microsoft Corporation)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation)
"C:\Programme\NetMeeting\Conf.exe" = C:\Programme\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)
"C:\Programme\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe" = C:\Programme\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome -- (Nero AG)
"C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:enabled:Nero Home -- (Nero AG)
"C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroUpgrade.exe" = C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroUpgrade.exe:*:enabled:Nero Upgrade -- (Nero AG)
"C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe" = C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe:*:enabled:Nero Setup -- (Nero AG)
"C:\Programme\Sceneo\Bonavista\VMedia\BVD.exe" = C:\Programme\Sceneo\Bonavista\VMedia\BVD.exe:*:enabled:Sceneo Bonavista -- (Buhl Data Service GmbH)
"C:\Programme\Sonavis\TVsweeper\\TVsweeper.exe" = C:\Programme\Sonavis\TVsweeper\\TVsweeper.exe:*:enabled:TVsweeper
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:enabled:Remoteunterstützung -- (Microsoft Corporation)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation)
"C:\Programme\NetMeeting\Conf.exe" = C:\Programme\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)
"C:\Programme\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe" = C:\Programme\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome -- (Nero AG)
"C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:enabled:Nero Home -- (Nero AG)
"C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroUpgrade.exe" = C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroUpgrade.exe:*:enabled:Nero Upgrade -- (Nero AG)
"C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe" = C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe:*:enabled:Nero Setup -- (Nero AG)
"C:\Programme\Sceneo\Bonavista\VMedia\BVD.exe" = C:\Programme\Sceneo\Bonavista\VMedia\BVD.exe:*:enabled:Sceneo Bonavista -- (Buhl Data Service GmbH)
"C:\Programme\Sonavis\TVsweeper\\TVsweeper.exe" = C:\Programme\Sonavis\TVsweeper\\TVsweeper.exe:*:enabled:TVsweeper
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Internet Explorer\IEXPLORE.EXE" = C:\Programme\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen -- (Microsoft Corporation)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\AVG\AVG10\avgmfapx.exe" = C:\Programme\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\AVG\AVG2012\avgmfapx.exe" = C:\Programme\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu
"C:\WINDOWS\system32\ARFC\wrtc.exe" = C:\WINDOWS\system32\ARFC\wrtc.exe:*:Enabled:wrtc
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02091327-B124-4216-9D71-58C0E24F5392}" = Nokia PC Suite
"{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BFFC6B8-4EC0-4240-858C-998FD4077983}" = Nokia Connectivity Cable Driver
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows-Journal-Viewer
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo Bonavista
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5B8072B3-A576-4C0B-99BC-FAA7145A1031}" = Nero 7 Essentials
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.3.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 5.0
"{E0A1559B-9886-11D4-8D06-0050DA284A39}" = Scan Manager 5.2
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FAF88B432344413595BB2DED98385684}" = DivX User Guide
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"4CFD94C379217A02D5EA067615FF789CD731BCDB" = Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArcSoft PhotoBase" = ArcSoft PhotoBase
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"avast" = avast! Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon ScanGear Toolbox 3.0" = Canon ScanGear Toolbox 3.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ElsterFormular" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX9300F_DX9400F Benutzerhandbuch" = EPSON Stylus CX9300F_DX9400F Handbuch
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSNINST" = MSN
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0
"PhotoStitch" = Canon Utilities PhotoStitch
"ProInst" = Intel(R) PROSet/Wireless Software
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tweak UI 2.10" = Tweak UI
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Media Center Edition Screen Saver Screen Saver" = Windows XP Media Center Edition Screen Saver Screen Saver
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"WMCSetup" = Windows Media Connect
"X10Hardware" = X10 Hardware(TM)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.05.2013 12:02:14 | Computer Name =| Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80070422: InitEventCollector
fail
Error - 04.05.2013 16:06:54 | Computer Name =| Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80070422: InitEventCollector
fail
Error - 04.05.2013 16:07:38 | Computer Name =| Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80070422: InitEventCollector
fail
Error - 04.05.2013 16:07:43 | Computer Name =| Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80070422: InitEventCollector
fail
Error - 04.05.2013 16:27:35 | Computer Name =| Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80070422: InitEventCollector
fail
Error - 04.05.2013 16:27:52 | Computer Name =| Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80070422: InitEventCollector
fail
Error - 04.05.2013 16:27:58 | Computer Name =| Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80070422: InitEventCollector
fail
Error - 04.05.2013 17:22:23 | Computer Name =| Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80070422: InitEventCollector
fail
Error - 04.05.2013 17:22:46 | Computer Name =| Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80070422: InitEventCollector
fail
Error - 04.05.2013 17:23:00 | Computer Name =| Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80070422: InitEventCollector
fail
[ System Events ]
Error - 04.05.2013 17:23:00 | Computer Name = | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "COMSysApp"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
Error - 04.05.2013 17:23:01 | Computer Name | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ServiceLayer"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
Error - 04.05.2013 17:23:03 | Computer Name = | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ServiceLayer"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
Error - 04.05.2013 17:23:05 | Computer Name =| Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ServiceLayer"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
Error - 04.05.2013 17:23:06 | Computer Name =| Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ServiceLayer"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
Error - 04.05.2013 17:23:08 | Computer Name =| Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ServiceLayer"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
Error - 04.05.2013 17:23:21 | Computer Name =| Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ServiceLayer"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
Error - 04.05.2013 17:23:33 | Computer Name =| Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ServiceLayer"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
Error - 04.05.2013 17:23:35 | Computer Name = | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ServiceLayer"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
Error - 04.05.2013 17:23:37 | Computer Name =| Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ServiceLayer"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
< End of report >
|
|
05.05.2013, 00:17
| #6 |
| /// Malwareteam / Visitor | Incredibar entfernen! Sieht alles schon sehr sauber aus  Downloade Dir bitte  SecurityCheck und:
|
|
05.05.2013, 21:41
| #7 |
| | Incredibar entfernen! Ich fühl mich auch schon wieder sehr befreit!  Code:
ATTFilter Results of screen317's Security Check version 0.99.63
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
AVG Anti-Virus Free Edition 2012
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java(TM) 6 Update 29
Java 7 Update 21
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.7.700.169
Adobe Reader 7 Adobe Reader out of Date!
Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
AVAST Software Avast setup avast.setup
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````
|
|
06.05.2013, 20:52
| #8 |
| /// Malwareteam / Visitor | Incredibar entfernen! Adobe Reader braucht eine Update: Adobe - Adobe Reader herunterladen - Alle Versionen (McAfee Security Scan abwahlen  )Mach auch mal diese PluginCheck: https://www.mozilla.org/de/plugincheck/ Alle veraltete Plugins aktualisieren lassen. |
|
07.05.2013, 20:13
| #9 |
| | Incredibar entfernen! Danke danke! Eine weitere Frage habe ich noch. Ich hab mir bei unseren Bereinigungsprozessen versehentlich die Ask Toolbar installiert und würde die gerne wieder loswerden. Aus den Programmen hab ich sie bereits deinstalliert, aber sie ist immer noch im Browser. Wie werde ich die denn wieder los?! |
|
07.05.2013, 21:14
| #10 |
| /// Malwareteam / Visitor | Incredibar entfernen! Diese Schritt mal wiederholen Wenn Ask nicht verschwunden ist erzähle mir bitte in welchem Browser diese auftaucht? Systemscan mit ZOEK Bitte lade die zoek.exe von hier: http://hijackthis.nl/smeenk/
|
|
08.05.2013, 21:49
| #11 |
| | Incredibar entfernen! Ask ist weg danke!Im Moment suche ich nach einer Möglichkeit ein Pdf-Dokument in Word umzuwandeln, ohne mir dabei wieder unerwünschte Gäste zu holen.. hast du eine Idee? Code:
ATTFilter Zoek.exe Version 4.0.0.2 Updated 06-May-2013
Tool run by Resi on 08.05.2013 at 22:26:00,17.
Microsoft Windows 7 Home Premium 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3838763673-1115839168-2840729140-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BC087204-5DDB-4F42-A091-1FF72F17F88D} deleted successfully
==== Deleting CLSID Registry Values ======================
==== FireFox Fix ======================
ProfilePath: C:\Users\Resi\AppData\Roaming\Mozilla\Firefox\Profiles\bneh58d4.default
user.js not found
---- Lines ask.com removed from prefs.js ----
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.search.selectedEngine", "Ask.com");
---- Lines ask.com modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs__0032_.backup
prefs__2231_.backup
==== Deleting Files \ Folders ======================
"C:\Users\Resi\AppData\Roaming\Mozilla\Firefox\Profiles\bneh58d4.default\searchplugins\askcom.xml" deleted
"C:\ProgramData\Ask" deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2013-05-04 19:04:13 1B4D815E14B4A6CF423B00E7E9445A5C 41664 ----a-w- C:\Windows\avastSS.scr
2013-04-22 19:33:27 AD9B8FB50C9246453C1DD1F27B199169 103 ----a-w- C:\Windows\wiso.ini
====== C:\Users\Resi\AppData\Local\Temp ====
2013-05-04 19:38:42 CE755676AE6D27A1EFEEFB0F3C70A929 358600 ----a-w- C:\Users\Resi\AppData\Local\Temp\APNStub.exe
====== C:\Windows\SysWOW64 =====
2013-05-04 19:38:13 8255AD29A44B2E14B2DD99319F92A0AB 95648 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-04 19:04:46 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\SysWOW64\config.nt
2013-05-04 11:50:32 229770FF9B87160AC3C22517BBFE6BF4 691592 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-05-04 19:04:46 21DD338011E6861D38CC46F9B3A0E2C8 287840 ----a-w- C:\Windows\Sysnative\aswBoot.exe
====== C:\Windows\Sysnative\drivers =====
2013-05-04 19:04:50 F3F5F2FDE0DEABA4F2CE336E9454FAE2 33400 ----a-w- C:\Windows\Sysnative\drivers\aswFsBlk.sys
2013-05-04 19:04:50 D8FEC7F7BFE1BAD685DC8D1EF384693D 378432 ----a-w- C:\Windows\Sysnative\drivers\aswSP.sys
2013-05-04 19:04:49 A4C94945B8A1FFE449A500C2CF0B5882 72016 ----a-w- C:\Windows\Sysnative\drivers\aswRdr2.sys
2013-05-04 19:04:49 3D9BA0EF6C5847E4482FC01ABCD26683 64288 ----a-w- C:\Windows\Sysnative\drivers\aswTdi.sys
2013-05-04 19:04:48 9237BE2AB3C7D611F1F8FB7018691BAC 1025808 ----a-w- C:\Windows\Sysnative\drivers\aswSnx.sys
2013-05-04 19:04:47 3C7D772F6059C142991D00FE3AB61D40 189936 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys
2013-05-04 19:04:46 A06E330475C1957C50C13B483D41F2BD 65336 ----a-w- C:\Windows\Sysnative\drivers\aswRvrt.sys
2013-05-04 19:04:46 90980D5291F8E725700272E4B64EDA10 80816 ----a-w- C:\Windows\Sysnative\drivers\aswMonFlt.sys
2013-04-23 21:19:12 9A6089B056EA1B83B36424FC9D0A300E 1653096 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys
2013-04-09 20:03:39 1F44F8559E61A8306ECC67BB1E168B7C 223752 ----a-w- C:\Windows\Sysnative\drivers\fvevol.sys
====== C:\Windows\Tasks ======
2013-05-04 11:50:33 31C5C0CCB6021E170258953395158502 884 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\Program Files (x86) =====
2013-05-04 19:04:50 -------- d-----w- C:\Program Files (x86)\Google
2013-05-04 11:55:33 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe
2013-05-04 11:55:33 -------- d-----w- C:\Program Files (x86)\Adobe
2013-04-22 19:28:43 -------- d-----w- C:\Program Files (x86)\WISO
======= C: =====
2013-05-04 11:42:15 FC040BB025C1E6D8BCC1F79BE2AAF25E 984 ----a-w- C:\DelFix.txt
====== C:\Users\Resi\AppData\Roaming ======
2013-05-04 19:04:51 -------- d-----w- C:\users\Resi\AppData\Local\Google
2013-05-04 13:22:14 -------- d-----w- C:\users\Resi\AppData\Local\MFAData
2013-05-04 13:22:14 -------- d-----w- C:\users\Resi\AppData\Local\Avg2013
2013-05-04 12:29:11 -------- d-----w- C:\users\Resi\AppData\Local\Programs
2013-05-03 22:36:22 -------- d-----w- C:\users\Resi\AppData\Local\Temp
2013-04-22 22:55:45 -------- d-----w- C:\users\Resi\AppData\Roaming\Buhl Data Service
2013-04-22 22:55:41 -------- d-----w- C:\users\Resi\AppData\Local\Buhl Data Service
2013-04-22 19:33:26 -------- d-----w- C:\users\Resi\AppData\Local\Buhl
====== C:\Users\Resi ======
2013-05-04 19:04:50 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
2013-05-04 13:41:04 -------- d-----w- C:\ProgramData\AVG2013
2013-05-04 13:22:14 -------- d-----w- C:\ProgramData\MFAData
2013-04-22 19:33:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2013
2013-04-22 19:27:35 -------- d-----w- C:\ProgramData\Buhl Data Service GmbH
====== C: exe-files ==
2013-05-04 19:49:30 ED3EA1B50F976DEB41BE6C62997BDF6E 903072 ----a-w- C:\Users\Resi\Downloads\chromeinstall-7u21 (2).exe
2013-05-04 19:38:42 CE755676AE6D27A1EFEEFB0F3C70A929 358600 ----a-w- C:\Users\Resi\AppData\Local\Temp\APNStub.exe
2013-05-04 19:26:40 ED3EA1B50F976DEB41BE6C62997BDF6E 903072 ----a-w- C:\Users\Resi\Downloads\chromeinstall-7u21 (1).exe
2013-05-04 19:22:47 ED3EA1B50F976DEB41BE6C62997BDF6E 903072 ----a-w- C:\Users\Resi\Downloads\chromeinstall-7u21.exe
2013-05-04 19:04:46 21DD338011E6861D38CC46F9B3A0E2C8 287840 ----a-w- C:\Windows\System32\aswBoot.exe
2013-05-04 18:11:47 5287EDB4C714CB04D3AAAC7523BE8414 116651696 ----a-w- C:\Users\Resi\Downloads\avast_free_antivirus_setup.exe
2013-05-04 15:56:35 4754539F6D178B84DE28DBCBE7CDA23A 2092792 ----a-w- C:\Users\Resi\Downloads\avira_free_antivirus.exe
2013-05-04 15:20:14 C88EB092CB6A34455330BEC477D3A6DC 1014448 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a02888\ProgFiles\AVG SafeGuard toolbar\Uninstall.exe
2013-05-04 15:20:14 9984311E183FB8AFE3C3C876C49B99F9 1180336 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a02888\CommonFiles\AVG SafeGuard toolbar\ScriptHelper.exe
2013-05-04 15:20:14 6C4B5DFA3C8706D3FEC335701B058FA3 1101488 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a02888\ProgFiles\AVG SafeGuard toolbar\vprot.exe
2013-05-04 15:20:14 6AE0A4978225CC6656D45504D6D78D0A 945328 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a02888\CommonFiles\AVG SafeGuard toolbar\ToolbarUpdater.exe
2013-05-04 15:20:14 34824EC846D3330E2C977963C6E2FEB2 156848 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a02888\ConfigFiles\MachineIdCreator.exe
2013-05-04 15:20:14 0D8EF11822BBD7C99058491EB8456DB7 652464 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a02888\ProgFiles\AVG SafeGuard toolbar\lip.exe
2013-05-04 15:20:14 03031DE5C0745A67780C07907E34AD4D 509104 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a02888\ProgFiles\AVG SafeGuard toolbar\PostInstall.exe
2013-05-04 15:20:13 DB37E8CE52463954433EB352DD91C2E3 146096 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a02888\CommonFiles\AVG SafeGuard toolbar\DriverInstaller_64.exe
2013-05-04 15:20:13 5B3B264E99BB619ECEE209F6656FA1F0 464048 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a02888\CommonFiles\AVG SafeGuard toolbar\DriverInstaller.exe
2013-05-04 15:20:13 3346D4FF98D7DEBE0ACA4B5D35704BC0 1174704 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a02888\avg-secure-search-installer.exe
2013-05-04 13:41:59 6C4B5DFA3C8706D3FEC335701B058FA3 1101488 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a04820\ProgFiles\AVG SafeGuard toolbar\vprot.exe
2013-05-04 13:41:58 DB37E8CE52463954433EB352DD91C2E3 146096 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a04820\CommonFiles\AVG SafeGuard toolbar\DriverInstaller_64.exe
2013-05-04 13:41:58 C88EB092CB6A34455330BEC477D3A6DC 1014448 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a04820\ProgFiles\AVG SafeGuard toolbar\Uninstall.exe
2013-05-04 13:41:58 9984311E183FB8AFE3C3C876C49B99F9 1180336 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a04820\CommonFiles\AVG SafeGuard toolbar\ScriptHelper.exe
2013-05-04 13:41:58 6AE0A4978225CC6656D45504D6D78D0A 945328 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a04820\CommonFiles\AVG SafeGuard toolbar\ToolbarUpdater.exe
2013-05-04 13:41:58 5B3B264E99BB619ECEE209F6656FA1F0 464048 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a04820\CommonFiles\AVG SafeGuard toolbar\DriverInstaller.exe
2013-05-04 13:41:58 34824EC846D3330E2C977963C6E2FEB2 156848 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a04820\ConfigFiles\MachineIdCreator.exe
2013-05-04 13:41:58 3346D4FF98D7DEBE0ACA4B5D35704BC0 1174704 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a04820\avg-secure-search-installer.exe
2013-05-04 13:41:58 0D8EF11822BBD7C99058491EB8456DB7 652464 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a04820\ProgFiles\AVG SafeGuard toolbar\lip.exe
2013-05-04 13:41:58 03031DE5C0745A67780C07907E34AD4D 509104 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a04820\ProgFiles\AVG SafeGuard toolbar\PostInstall.exe
2013-05-04 13:32:57 10F4163F0EDDC031100180787D5F696F 347424 ----a-w- C:\Users\Resi\Downloads\MicrosoftFixit.wu.LB.3529110516057075.1.1.Run.exe
2013-05-04 13:21:15 4580D1426AD9DB9FCBED948AFB9A72D4 4446832 ----a-w- C:\Users\Resi\Downloads\avg_free_stb_all_2013_3272_cnet.exe
2013-05-04 12:28:17 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Resi\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-04 11:56:59 8CFC88F429EBAD89A852DDDF15E2DAA9 903072 ----a-w- C:\Users\Resi\Downloads\jxpiinstall(4).exe
2013-05-04 11:52:27 2DAB23839765369C6201B7D20E15E612 2141192 ----a-w- C:\Users\Resi\Downloads\install_flashplayer11x32_mssd_aih.exe
2013-05-04 11:50:32 229770FF9B87160AC3C22517BBFE6BF4 691592 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-02 21:07:51 4E99472DE30781037A0BAC0A563A85A0 393048 ----a-w- C:\Users\Resi\Downloads\SoftonicDownloader_fuer_jdmcox-redeye.exe
=== C: other files ==
2013-05-08 20:24:55 2A94E0F48DCDB1A759C044C5E711DD76 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3838763673-1115839168-2840729140-1000\$IPSQHFQ.zip
2013-05-08 20:21:50 C3CE617C91FBB5455BBD24480C0DBD5C 3713140 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3838763673-1115839168-2840729140-1000\$RPSQHFQ.zip
2013-05-04 19:04:50 F3F5F2FDE0DEABA4F2CE336E9454FAE2 33400 ----a-w- C:\Windows\System32\drivers\aswFsBlk.sys
2013-05-04 19:04:50 D8FEC7F7BFE1BAD685DC8D1EF384693D 378432 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2013-05-04 19:04:49 A4C94945B8A1FFE449A500C2CF0B5882 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-05-04 19:04:49 3D9BA0EF6C5847E4482FC01ABCD26683 64288 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
2013-05-04 19:04:48 9237BE2AB3C7D611F1F8FB7018691BAC 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-05-04 19:04:47 3C7D772F6059C142991D00FE3AB61D40 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-05-04 19:04:46 A06E330475C1957C50C13B483D41F2BD 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-04 19:04:46 90980D5291F8E725700272E4B64EDA10 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-04 15:20:14 3FCF9368255525FDD929A48B2AA9EDF4 31576 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a02888\CommonFiles\AVG SafeGuard toolbar\avgtpx86.sys
2013-05-04 15:20:14 0BC445CDCC253047E8CD2D83D725AC18 37720 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a02888\CommonFiles\AVG SafeGuard toolbar\avgtpx64.sys
2013-05-04 15:20:13 14FFBB08668C28A51CB250B3D1DAB11A 180659 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a02888\ProgData\AVG SafeGuard toolbar\ChromeExt\14.0.0.14\avg.crx
2013-05-04 13:41:59 3FCF9368255525FDD929A48B2AA9EDF4 31576 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a04820\CommonFiles\AVG SafeGuard toolbar\avgtpx86.sys
2013-05-04 13:41:59 0BC445CDCC253047E8CD2D83D725AC18 37720 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a04820\CommonFiles\AVG SafeGuard toolbar\avgtpx64.sys
2013-05-04 13:41:58 14FFBB08668C28A51CB250B3D1DAB11A 180659 ----a-w- C:\Users\Resi\AppData\Local\Temp\avg_a04820\ProgData\AVG SafeGuard toolbar\ChromeExt\14.0.0.14\avg.crx
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-3838763673-1115839168-2840729140-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\YouCam UpdateWithCreateOnce Software\CyberLink\YouCam\2.0"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\qttask.exe -atboottime"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"Cisco AnyConnect Secure Mobility Agent for Windows"="C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe -minimized"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"ETDWare"="%ProgramFiles%\Elantech\ETDCtrl.exe "
==== Startup Folders ======================
2011-03-24 14:26:34 1239 ----a-w- C:\users\Resi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
2013-04-22 19:33:23 2131 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [04.05.2013 21:22]
C:\Windows\tasks\ROC_REG_JAN_DELETE.job --a------ C:\ProgramData\AVG January 2013 Campaign\ROC.exe [17.01.2013 23:16]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Resi\AppData\Roaming\Mozilla\Firefox\Profiles\bneh58d4.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Resi\AppData\Roaming\Mozilla\Firefox\Profiles\bneh58d4.default
ADC539F67D3198679F480974EE203678 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.210.11
F7E72D3A281F922BACEC1A71A826D4C2 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll - Shockwave Flash
855B79451ECF62602F20EB4D5C71F99B - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaaojmikegpiepcfdkkjaplodkpfmlo - C:\Users\Resi\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx[]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{F73A455C-6964-4118-94E6-8A889DF90ACC} AVG Secure Search Url="hxxp://search.avg.com/?d=4e68ecef&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Resi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Resi\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Resi\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Resi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\users\Resi\AppData\Local\Mozilla\Firefox\Profiles\bneh58d4.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
After Reboot
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Resi\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Resi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
|
|
08.05.2013, 22:07
| #12 |
| /// Malwareteam / Visitor | Incredibar entfernen! Ich fand diese Möglichkeit: PDF in Word Umwandeln ? 100% Kostenlos! |
|
08.05.2013, 22:22
| #13 |
| | Incredibar entfernen! Das klappt, vielen Dank! |
|
08.05.2013, 22:40
| #14 |
| /// Malwareteam / Visitor | Incredibar entfernen! Ich habe es gerne für Dich gemacht Smeenk |
|
| Themen zu Incredibar entfernen! |
| beseitigung, bho, canon, desktop, entfernen, error, excel, failed, firefox, flash player, format, gmx.net, helper, iexplore.exe, install.exe, installation, logfile, mozilla, object, plug-in, realtek, registry, rundll, scan, schädling, security, software, tarma, udp, usb |
Linear-Darstellung
