| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Internet mit allen Browsern langsam nach BizCoachingWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
03.07.2013, 19:02
| #1 |
| |  Internet mit allen Browsern langsam nach BizCoaching Hallo, seit 3 Tagen ist mein Internet sehr langsam. Hatte auch diverse Pop-Ups wie die Seiten BizCoaching und CO. Hab mir da wohl was eingefangen. Ich poste gleich mal die OTL und Extras dazu Extras Code:
ATTFilter OTL Extras logfile created on: 03.07.2013 19:37:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julian\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,91 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 31,13% Memory free
7,81 Gb Paging File | 4,03 Gb Available in Paging File | 51,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 101,78 Gb Total Space | 46,67 Gb Free Space | 45,85% Space Free | Partition Type: NTFS
Drive D: | 350,89 Gb Total Space | 314,26 Gb Free Space | 89,56% Space Free | Partition Type: NTFS
Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03DCB2FA-071A-404B-8E33-54F9B37246D9}" = rport=138 | protocol=17 | dir=out | app=system |
"{0989058F-6A45-442A-99A9-BB56CAD195B5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{13E81CE7-596F-4FEF-8BCE-7F646AEC64FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1C9FD81E-3A5A-40F2-9DDD-D05F5D88767B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D87558B-9659-4FBE-AB94-D63827D48D7E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4F188470-6695-484B-B953-130778720DC2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5822C651-1396-422A-9AF8-81EFB912643A}" = rport=445 | protocol=6 | dir=out | app=system |
"{5D83B5EA-1F71-45D7-B244-4BAC3FF70DCF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{634D3593-F058-4AD8-88C7-0AAB455F83F0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{748CCF80-DE63-4F59-A20E-6A47550CBBB4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C3F4B9C-0022-4385-AEA0-26C2E9C33E5E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7E6FD325-B626-40B8-99B3-A49099FCB062}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8543860F-62BF-41B5-93FB-312B90B3B998}" = lport=137 | protocol=17 | dir=in | app=system |
"{884FC861-0B11-450D-A174-051271B00C60}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{8A253039-2556-4245-8EA2-867330DB473A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9699BE35-87D7-4D38-9DA8-8D77BDF47D6D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BCBBA810-67D0-49CB-888A-9B605259F6D4}" = rport=137 | protocol=17 | dir=out | app=system |
"{C536E2C3-AF17-4A24-9420-EBDFF0107C3B}" = lport=138 | protocol=17 | dir=in | app=system |
"{D2A42110-D624-4207-AAE1-1FC9014D644A}" = rport=139 | protocol=6 | dir=out | app=system |
"{D8D3DBFF-A98D-4569-8479-09AB52022DC3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E0F7CBA7-5C5D-4831-843A-BEE0FB22F123}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F31E18CC-C07F-4AE6-9082-4AB6752D7F37}" = lport=139 | protocol=6 | dir=in | app=system |
"{F6E2A07B-CA3E-4292-900A-7B8329278123}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{206A2519-1E14-4AB0-8742-B177E5837798}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2C20A616-41F9-4D8F-98DE-D59635CE89F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2C68181B-DBC6-4710-87E1-4E3ECB05F853}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{32B67CAB-81C9-41DA-8832-4BAE3865CA11}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{38B6CC47-234E-4DC6-BFBD-8734FA036249}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{38FF9A63-9958-41D9-81D4-1F590443DFE6}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{392B8BE4-5DD0-4C4A-A3AB-29CBD798DDBA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3AFE4870-AA76-46BB-B57D-267358AEDBDE}" = dir=in | app=c:\program files (x86)\acer\touchportal\touch movie\touchmovie.exe |
"{42920F9A-7B4A-4664-AE43-E751A058C14F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{539280C6-974C-451C-AAF8-87F138C42079}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5554F022-6B71-47B1-9D5D-0F07895F6F59}" = protocol=6 | dir=out | app=system |
"{55592FDA-BC8C-491A-9728-40D90CAD0DC1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{598C3E8C-2984-4B61-B77E-8239FEABBF4A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6CF2A001-3EED-426D-B351-8C452BB24954}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6F67591F-29BA-44DD-8CBF-E235644CAB40}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{73A59BD3-EBFD-4A44-8CD3-40DA1133F578}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{7747FA3C-23D5-488C-974B-0484E6B93E74}" = dir=in | app=c:\program files (x86)\acer\touchportal\touch movie\touchmovieservice.exe |
"{78FEABF0-C006-4178-8217-17E457AD7EB8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7D62361F-10BD-4E73-A1BE-2ADCFC72D7D7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{823CA407-E267-40D3-9CB9-570527359349}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8F777833-C961-4FBB-98D2-3C229C8874B2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{92891B3D-0F74-44C0-8FBA-4413A1C3E104}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{930B21FA-FAB5-4A9F-9A0E-2974C04B3F7B}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{A29CFAAC-F4AB-4997-ADE1-24A21B852DEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7443786-CEED-41E3-9E2B-C6B48966809F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B5BFA905-DEFB-443A-8903-2C6D9590DA6A}" = protocol=17 | dir=in | app=c:\users\julian\appdata\roaming\icqm\icq.exe |
"{BB78C4CA-0A7A-41DC-9A61-19C6BC002112}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{D4D6A83A-ED42-4D92-BDE3-356AB3F95D95}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{E63A8EEB-8393-4AB3-85B6-552B4D16D27C}" = protocol=6 | dir=in | app=c:\users\julian\appdata\roaming\icqm\icq.exe |
"{E64A89E7-88FC-4CD0-855E-9500AE1933C4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E7E4524E-50D6-42C5-B535-4D4C8E2B5065}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{EACFEF4B-E75D-4B53-A271-9E8B0C894901}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{EC3E2595-D1E7-4124-A4D6-D9A679AF6968}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1F1EA76-A9D3-43C3-955D-7F2D78608B41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft-Maus- und Tastatur-Center
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Virtual Earth 3D (Beta)
"{6E5159B4-A519-41EF-80EF-AD58371515DF}" = Eraser 6.0.10.2620
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"jdownloader2" = JDownloader 2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.6
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{16456401-9621-4F3D-836A-59EA425C471D}" = ZoneAlarm Security
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{219AA9C3-E1F9-4C99-A41C-7988C1A67143}" = STScreenDetection
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{243AD385-8C58-4D49-BF54-8E7F809E0A96}" = Acer TouchPortal
"{24ADC5BE-8B82-426F-8779-2308B54B00EE}" = ZoneAlarm Antivirus
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53652DA6-AD2D-4B0F-80BA-6F3CFE2B48D7}" = ZoneAlarm Security
"{54CCA4E2-D15D-4927-A866-2D33BFED4A8E}" = ZoneAlarm Firewall
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{737B13C5-990B-4339-8A4D-0FFEBBC3DB17}" = ZoneAlarm Firewall
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A80DB23D-0618-405B-89D9-28F99814E287}_is1" = AntiLogger Free version 1.6.2.226
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Touch Movie
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.188.706
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E3ED49BB-0544-4844-B296-6A0CB28E7BE3}" = Dir-It!
"{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Free Audio Converter_is1" = Free Audio Converter version 5.0.24.430
"GridVista" = Acer GridVista
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{243AD385-8C58-4D49-BF54-8E7F809E0A96}" = Acer TouchPortal
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.22
"LManager" = Launch Manager
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"ICQ" = ICQ 8.0 (build 6017)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 28.05.2013 14:47:04 | Computer Name = Julian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mscorsvw.exe, Version: 4.0.30319.1,
Zeitstempel: 0x4ba1da21 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6f6e6a64 ID des fehlerhaften
Prozesses: 0x9e0 Startzeit der fehlerhaften Anwendung: 0x01ce5bd387811adc Pfad der
fehlerhaften Anwendung: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: fd016ba9-c7c6-11e2-a586-60eb699ddf56
Error - 28.05.2013 14:47:08 | Computer Name = Julian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: UMVPFSrv.exe, Version: 13.31.1044.0,
Zeitstempel: 0x4f166843 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6f6e6a64 ID des fehlerhaften
Prozesses: 0x344 Startzeit der fehlerhaften Anwendung: 0x01ce5bd329fe2899 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: ff489ccc-c7c6-11e2-a586-60eb699ddf56
Error - 28.05.2013 14:47:12 | Computer Name = Julian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GREGsvc.exe, Version: 1.0.0.1, Zeitstempel:
0x4afbd2e4 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6f6e6a64 ID des fehlerhaften Prozesses:
0x540 Startzeit der fehlerhaften Anwendung: 0x01ce5bd3362bf65f Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Acer\Registration\GREGsvc.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 0169b7eb-c7c7-11e2-a586-60eb699ddf56
Error - 28.05.2013 14:47:13 | Computer Name = Julian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IScheduleSvc.exe, Version: 2.0.0.68,
Zeitstempel: 0x4c28447e Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6f6e6a64 ID des fehlerhaften
Prozesses: 0x640 Startzeit der fehlerhaften Anwendung: 0x01ce5bd336866aaa Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\NewTech Infosystems\Acer Backup
Manager\IScheduleSvc.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 02425524-c7c7-11e2-a586-60eb699ddf56
Error - 28.05.2013 14:47:18 | Computer Name = Julian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RS_Service.exe, Version: 4.5.3000.9285,
Zeitstempel: 0x4a563cf3 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6f6e6a64 ID des fehlerhaften
Prozesses: 0x6d4 Startzeit der fehlerhaften Anwendung: 0x01ce5bd3369e386c Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 05374abb-c7c7-11e2-a586-60eb699ddf56
Error - 28.05.2013 14:47:22 | Computer Name = Julian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: UpdaterService.exe, Version: 1.0.0.8,
Zeitstempel: 0x4b614046 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6f6e6a64 ID des fehlerhaften
Prozesses: 0x808 Startzeit der fehlerhaften Anwendung: 0x01ce5bd336e80315 Pfad der
fehlerhaften Anwendung: C:\Program Files\Acer\Acer Updater\UpdaterService.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 07a491e3-c7c7-11e2-a586-60eb699ddf56
Error - 31.05.2013 17:23:58 | Computer Name = Julian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879,
Zeitstempel: 0x518ec3cc Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879,
Zeitstempel: 0x518ec306 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001c9789 ID des fehlerhaften
Prozesses: 0xf90 Startzeit der fehlerhaften Anwendung: 0x01ce5e180a1b704b Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung:
677f31ac-ca38-11e2-a1c2-60eb699ddf56
Error - 08.06.2013 05:57:29 | Computer Name = Julian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TuneUpUtilitiesService64.exe, Version:
13.0.3020.2, Zeitstempel: 0x51067ac3 Name des fehlerhaften Moduls: TuneUpUtilitiesService64.exe,
Version: 13.0.3020.2, Zeitstempel: 0x51067ac3 Ausnahmecode: 0xc0000005 Fehleroffset:
0x000000000001cbe6 ID des fehlerhaften Prozesses: 0x908 Startzeit der fehlerhaften
Anwendung: 0x01ce642e8cae3970 Pfad der fehlerhaften Anwendung: C:\Program Files
(x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe Berichtskennung:
d44b6355-d021-11e2-bf0d-60eb699ddf56
Error - 09.06.2013 10:24:58 | Computer Name = Julian-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 09.06.2013 10:26:57 | Computer Name = Julian-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
[ System Events ]
Error - 12.06.2013 12:18:04 | Computer Name = Julian-PC | Source = NetBT | ID = 4307
Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen
der Anfangsadressen verweigerte.
Error - 13.06.2013 00:39:05 | Computer Name = Julian-PC | Source = DCOM | ID = 10010
Description =
Error - 15.06.2013 09:47:34 | Computer Name = Julian-PC | Source = DCOM | ID = 10010
Description =
Error - 15.06.2013 16:14:13 | Computer Name = Julian-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.
Error - 15.06.2013 16:14:13 | Computer Name = Julian-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.
Error - 19.06.2013 15:38:54 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Browser-Schutz" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 19.06.2013 15:44:25 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Browser-Schutz" wurde unerwartet beendet. Dies ist
bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 20.06.2013 12:43:06 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
IPsec-Richtlinien-Agent erreicht.
Error - 20.06.2013 12:43:06 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 20.06.2013 12:43:54 | Computer Name = Julian-PC | Source = WMPNetworkSvc | ID = 866300
Description =
< End of report >
Code:
ATTFilter OTL logfile created on: 03.07.2013 19:37:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julian\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 31,13% Memory free 7,81 Gb Paging File | 4,03 Gb Available in Paging File | 51,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 101,78 Gb Total Space | 46,67 Gb Free Space | 45,85% Space Free | Partition Type: NTFS Drive D: | 350,89 Gb Total Space | 314,26 Gb Free Space | 89,56% Space Free | Partition Type: NTFS Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.03 19:35:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Downloads\OTL.exe PRC - [2013.07.01 18:55:31 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.07.01 18:54:14 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013.07.01 18:54:10 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.07.01 18:54:10 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.05.28 18:07:20 | 027,598,184 | ---- | M] (ICQ) -- C:\Users\Julian\AppData\Roaming\ICQM\icq.exe PRC - [2013.05.26 17:16:43 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2013.05.16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2013.03.27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2013.03.27 13:31:18 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe PRC - [2010.01.29 06:07:26 | 000,870,992 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE PRC - [2010.01.13 04:55:58 | 000,030,080 | ---- | M] () -- C:\Windows\snuvcdsm.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2009.11.06 19:22:52 | 002,584,576 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\STScreenDetection\SDTabletPC.exe ========== Modules (No Company Name) ========== MOD - [2013.06.15 03:28:42 | 000,393,168 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll MOD - [2013.06.15 03:28:41 | 013,140,432 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll MOD - [2013.06.15 03:28:40 | 004,051,408 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll MOD - [2013.06.15 03:27:51 | 000,599,504 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\27.0.1453.116\libglesv2.dll MOD - [2013.06.15 03:27:50 | 000,124,368 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\27.0.1453.116\libegl.dll MOD - [2013.06.15 03:27:48 | 001,597,392 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll MOD - [2013.05.29 18:19:23 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll MOD - [2013.05.28 21:03:50 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a00aab40bdf5aed84b4d4294965cf20d\System.Web.ni.dll MOD - [2013.05.28 21:03:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll MOD - [2013.05.28 21:02:39 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll MOD - [2013.05.28 21:02:26 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll MOD - [2013.05.28 21:02:01 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll MOD - [2013.05.28 21:01:51 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll MOD - [2013.05.28 21:01:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll MOD - [2013.05.28 21:01:42 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll MOD - [2013.05.28 21:01:31 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll MOD - [2013.05.28 18:07:26 | 000,851,456 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll MOD - [2013.05.27 02:52:43 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2013.05.27 02:52:39 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2013.05.26 17:16:43 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2013.05.16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2010.01.30 02:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2010.01.13 04:55:58 | 000,030,080 | ---- | M] () -- C:\Windows\snuvcdsm.exe MOD - [2009.11.06 19:22:52 | 002,584,576 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\STScreenDetection\SDTabletPC.exe ========== Services (SafeList) ========== SRV - [2013.07.01 18:55:31 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.07.01 18:54:14 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013.07.01 18:54:10 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.06.12 19:58:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.04.19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.03.27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2012.11.29 16:06:12 | 002,401,632 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.11.22 16:35:22 | 000,828,072 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc) SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.06.25 09:08:30 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.06.02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.02.26 19:57:52 | 000,841,248 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.05.24 17:08:42 | 000,026,080 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyCrypt64.sys -- (keycrypt) DRV:64bit: - [2013.03.06 16:13:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.26 16:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.26 16:56:50 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.01.29 18:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2012.12.13 11:49:42 | 000,450,136 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2012.11.15 21:06:08 | 000,611,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.06.25 04:33:36 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.06.25 04:13:18 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010.06.25 04:12:26 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.06.25 04:12:26 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.06.25 04:12:24 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.06.25 04:12:24 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.01.13 04:56:18 | 001,806,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2009.11.24 18:58:54 | 000,021,864 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\STHall.sys -- (STHall) DRV:64bit: - [2009.09.17 14:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.09.15 06:40:00 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2009.09.02 20:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.10 15:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.26 15:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV - [2012.11.22 16:35:36 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2012.11.16 16:38:44 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.03.26 05:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=de&gu=44e925462ea848c798d8d00965d7a0ec&tu=10G90008F1B000v&sku=&tstsId=&ver=& IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{44417FA3-E13C-4E17-9A5F-FD0D0C2AC285}: "URL" = hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=de&q={searchTerms}&gu=44e925462ea848c798d8d00965d7a0ec&tu=10G90008F1B000v&sku=&tstsId=&ver=&&r=469 IE - HKCU\..\SearchScopes\{9F1604C3-87ED-4AF9-A921-9812FF832A94}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=ff874d16-1afe-407c-9e12-ed4fbb01f3b6&apn_sauid=2A80BC78-C5B9-495E-9E26-9C8354DA0000 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320 ========== FireFox ========== FF - prefs.js..browser.search.order.1: "Search By ZoneAlarm" FF - prefs.js..browser.search.selectedEngine: "Search By ZoneAlarm" FF - prefs.js..browser.startup.homepage: "hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=de&gu=44e925462ea848c798d8d00965d7a0ec&tu=10GX0008T1B0008&sku=&tstsId=&ver=&" FF - prefs.js..extensions.enabledAddons: tineye%40ideeinc.com:1.1 FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0 FF - prefs.js..extensions.enabledAddons: lwoofer%40lyricswoofer.co:1.116 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010.09.14 13:18:04 | 000,000,000 | ---D | M] FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010.09.14 13:18:04 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Julian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Julian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2013.06.09 13:54:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013.06.09 13:54:19 | 000,000,000 | ---D | M] [2013.05.26 19:23:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions [2013.06.09 13:54:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\7yoofxo0.default\extensions [2013.06.09 13:54:09 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\7yoofxo0.default\extensions\ffxtlbr@zonealarm.com [2013.05.27 20:13:38 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\7yoofxo0.default\extensions\tineye@ideeinc.com.xpi [2013.05.27 20:12:29 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\7yoofxo0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.23 12:46:58 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\7yoofxo0.default\extensions\ffxtlbr@zonealarm.com\content\Abine\chrome\content\ff\view_expiry.js [2013.05.26 19:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.05.26 19:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.26 19:23:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} File not found (No name found) -- C:\PROGRAM FILES (X86)\LYRICSWOOFER\116.XPI ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll CHR - plugin: Google Update (Enabled) = C:\Users\Julian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: Google Docs = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: AdBlock = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\ CHR - Extension: Google Mail = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.6\bh\zonealarm.dll (Montera Technologeis LTD) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.6\zonealarmTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [ScreenRotation] C:\Program Files (x86)\STMicroelectronics\STScreenDetection\SDTabletPC.exe () O4:64bit: - HKLM..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [icq] C:\Users\Julian\AppData\Roaming\ICQM\icq.exe (ICQ) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1215907-6827-4EBB-8FCD-12BBD623A7FB}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL) - C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL (Zemana Ltd.) O20 - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL) - C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL (Zemana Ltd.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.03 19:03:18 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.07.03 19:03:03 | 000,000,000 | ---D | C] -- C:\JRT [2013.07.03 18:58:42 | 000,000,000 | ---D | C] -- C:\FRST [2013.07.01 20:03:16 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2013.07.01 20:03:11 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2013.07.01 20:03:10 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2013.07.01 20:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2013.07.01 20:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013 [2013.07.01 19:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.07.01 19:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.07.01 18:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.07.01 18:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.07.01 18:33:02 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013.07.01 18:32:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.06.30 11:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsWoofer [2013.06.19 21:58:15 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\Markus Heitz - Die Legenden der Albae - Vernichtender Hass [2013.06.15 16:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools&More [2013.06.15 16:39:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tools&More [2013.06.09 13:51:24 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Check Point Software Technologies LTD [2013.06.07 19:34:49 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Adobe [2013.06.04 19:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2013.06.04 19:43:56 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\DVDVideoSoft [2013.06.04 19:43:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.06.04 19:43:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.06.04 18:05:46 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.06.04 18:04:51 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Google [2013.06.04 17:34:42 | 000,026,080 | ---- | C] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\KeyCrypt64.sys [2013.06.04 17:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free [2013.06.04 17:34:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyCryptSDK [2013.06.04 17:34:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zemana AntiLogger Free [2013.06.04 17:34:40 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\AntiLogger Free ========== Files - Modified Within 30 Days ========== [2013.07.03 19:36:39 | 000,000,000 | ---- | M] () -- C:\Users\Julian\defogger_reenable [2013.07.03 19:30:02 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\Acer Registration - Reminder Recall task.job [2013.07.03 19:14:11 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2525674677-3744128791-4081538938-1000UA.job [2013.07.03 19:13:41 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.03 19:13:41 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.03 19:13:41 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.03 19:13:41 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.03 19:13:41 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.03 18:58:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.03 18:41:31 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.03 18:41:31 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.03 18:33:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.03 18:33:30 | 3144,867,840 | -HS- | M] () -- C:\hiberfil.sys [2013.07.03 18:15:55 | 000,417,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.07.01 19:07:57 | 000,008,174 | ---- | M] () -- D:\Users\Julian\Documents\cc_20130701_190751.reg [2013.07.01 18:55:35 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.07.01 18:14:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2525674677-3744128791-4081538938-1000Core.job [2013.06.24 21:34:29 | 000,004,414 | ---- | M] () -- D:\Users\Julian\Documents\NewDatabase.kdbx [2013.06.22 20:50:07 | 000,006,729 | -H-- | M] () -- C:\Windows\SysWow64\BTImages.dat [2013.06.10 18:34:59 | 000,417,563 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2013.06.04 17:18:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf ========== Files Created - No Company Name ========== [2013.07.03 19:36:39 | 000,000,000 | ---- | C] () -- C:\Users\Julian\defogger_reenable [2013.07.03 18:15:44 | 000,417,040 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.07.01 20:03:05 | 000,002,209 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2013.07.01 19:07:55 | 000,008,174 | ---- | C] () -- D:\Users\Julian\Documents\cc_20130701_190751.reg [2013.07.01 18:33:09 | 000,001,399 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.06.04 18:04:56 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2525674677-3744128791-4081538938-1000UA.job [2013.06.04 18:04:56 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2525674677-3744128791-4081538938-1000Core.job [2013.06.04 17:18:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.05.28 20:04:24 | 000,006,729 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat [2013.05.26 17:16:51 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe [2013.05.26 17:16:51 | 000,113,264 | ---- | C] () -- C:\Windows\FixUVC.exe [2013.05.26 17:16:51 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini [2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.09 13:51:24 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Check Point Software Technologies LTD [2013.05.26 19:26:09 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\CheckPoint [2013.06.04 19:44:35 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\DVDVideoSoft [2013.05.28 18:09:40 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\ICQ-Profile [2013.05.28 18:07:27 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\ICQM [2013.07.03 18:31:03 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\KeePass [2013.05.29 18:42:51 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report >  |
| Themen zu Internet mit allen Browsern langsam nach BizCoaching |
| adblock, avira, bho, browser, converter, desktop, ebay, error, excel, firefox, flash player, google, home, install.exe, kaspersky, langsam, launch, logfile, plug-in, programm, realtek, richtlinie, safer networking, scan, security, senden, server, software, svchost.exe, symantec, windows, zemana |
Baum-Darstellung