|
Log analysis and evaluation: PC infected with a trojan today, PC blocked
Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
25.07.2013, 18:51 | #1 |
| PC infected with a trojan today, PC blocked Hello, today I caught a virus through a supposed Java update that I had to confirm. Since then my computer has been blocked. Because I have set up admin confirmation for updates, I was still able to take a picture of it. But even cancelling the process did not help. The PC wanted confirmation for C:\users\Rolf\AppData\Local\Temp\b34btbztdb0vavaw.exe,XFG05. Using another PC, I then found a lot in your forum and have already downloaded OTLPE and booted from the CD. Unfortunately I am now stuck. The described double-click on the OTLPE icon, then "OK" in the Browse For Folder dialog with "My computer" selected, produces the RunScanner error message "No windows installations found". Selecting individual drives did not work either. Can you please help? Thanks in advance, Rolf |
25.07.2013, 19:08 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC infected with a trojan today, PC blocked Hello and
You have to select the Windows folder of your Windows installation when OTLPE prompts you. Selecting just C or the corresponding drive letter produces an error. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
26.07.2013, 09:11 | #3 |
| PC infected with a trojan today, PC blocked Thanks for the quick response.
Unfortunately without success. So far I have proceeded as follows: 1. As described in the thread http://www.trojaner-board.de/134914-...odus-geht.html, I created a boot CD on someone else's Vista PC and then booted my broken PC with it. The Reatogo-X-PE desktop was visible after about 2 minutes. Double-click on the OTLPE icon -> a black window appears very briefly and closes again. The prompt described does not appear; instead a "Browse For Folder" window with the drive structure opens. It looks roughly like this (I cannot create and send a screenshot): My computer > RAMDisk (B: ) > Removable Disk (C: ) > Removable Disk (D: ) > Removable Disk (E: ) > Removable Disk (F: ) > CD Drive (G: ) > ReatogoPE (X: ) > shared Documents. Under (B: ), (X: ) and (shared Documents) I see a folder structure, under the others nothing. If I leave the selection on "My Computer" and click OK, it aborts with the message "No windows installations found", and OTLPE is closed after confirming. If I select the other drives, it aborts with the message "Target is not windows 2000 or later". After confirming, OTLPE is closed again. I myself have Vista on my broken PC, though, and have always had security updates installed automatically. |
26.07.2013, 15:53 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC infected with a trojan today, PC blocked Then OTLPE does not see your hard disk. Let's try the route with Farbar: Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8). Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
__________________ Please always post log files in CODE tags |
26.07.2013, 17:06 | #5 |
| PC infected with a trojan today, PC blocked Over the course of today I have had some other small successes and have access to my computer again, and I am writing this reply on it. I was able to get it into safe mode and run a virus scan there with Antivirus Premium (was installed). 5 detections found. 2 of them sent to quarantine: Beginne mit der Desinfektion: C:\Users\Rolf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2bc22859-3ec7f184 [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2013-2423.IX [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56630039.qua' verschoben! C:\Users\Rolf\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\2D014854-0000250A.eml [FUND] Enthält Erkennungsmuster der Phish-Datei/Email PHISH/Ups.B [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4e832fb8.qua' verschoben! Then I also searched for *.exe on C: and, based on the date, renamed for now the ones that in my view could be the cause. Those were: 1. rundll32.exe.kdmp to rundll32.virus.kdmp 2. rundll32.exe to rundll32.virus. In the Temp directory I then also renamed 3 files that could be related to it: 1. wavav0bdtzbtb43b.pad to ...b.virus 2. wavav0bdtzbtb43b (JavaScript file) to wavav0bdtzbtb43b_old 3. b34btbztdb0vavaw.exe to b34btbztdb0vavaw.virus. With that, a system start was possible again. At boot I now still get a message that it can no longer find the one file. But everything works again. So now we have better conditions for the analysis. How do I get rid of this plague? |
26.07.2013, 17:17 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC infected with a trojan today, PC blocked Then continue like this: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
26.07.2013, 19:10 | #7 |
| PC infected with a trojan today, PC blocked Here is the frst.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-07-2013 Ran by Rolf (administrator) on 26-07-2013 19:58:23 Running from C:\Users\Rolf\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Hewlett-Packard Company) C:\hp\KBD\kbd.exe (Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe (Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE (Hewlett-Packard Company) c:\Program Files\Common Files\LightScribe\LSSrvc.exe (CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (AVM Berlin) C:\Program Files\FRITZ!Box Monitor\FRITZBoxMonitor.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ({StringFileInfo_CompanyName}) C:\Program Files\Ask.com\Updater\Updater.exe () C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe () C:\Windows\System32\ieconfig_1und1_svc.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Program Files\Microsoft Money\System\REMINDER.EXE (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (1&1 Internet AG) C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (Panasonic Corporation) C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe () C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\FritzDsl.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Avira Operations GmbH & Co. KG) C:\program files\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG) C:\program files\avira\antivir desktop\avnotify.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] - [x] HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation) HKLM\...\Run: [TkBellExe] - c:\program files\real\realplayer\Update\realsched.exe [295512 2013-07-14] (RealNetworks, Inc.) HKLM\...\Run: [RtHDVCpl] - RtHDVCpl.exe [x] HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM\...\Run: [MaxMenuMgr] - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-26] (Seagate LLC) HKLM\...\Run: [KBD] - C:\HP\KBD\KBD.EXE [61440 2005-02-02] (Hewlett-Packard Company) HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company) HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-01-12] (Hewlett-Packard) HKLM\...\Run: [CCUTRAYICON] - FactoryMode [x] HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-24] (CANON INC.) HKLM\...\Run: [AVMFBoxMonitor] - C:\Program Files\FRITZ!Box Monitor\FRITZBoxMonitor.exe [1508656 2008-06-03] (AVM Berlin) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-12] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) 
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [888488 2011-09-08] ({StringFileInfo_CompanyName}) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKCU\...\Run: [{146B1F8C-5E43-B87C-DDF7-5D1F918F2527}] - C:\Users\Rolf\AppData\Roaming\Urra\suhu.exe [x] HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation) HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-05] (Google Inc.) HKCU\...\Run: [Sony Ericsson PC Companion] - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [433872 2011-10-21] (Sony Ericsson) HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe [1233920 2009-04-11] (Microsoft Corporation) HKCU\...\Run: [Reminder] - C:\Program Files\Microsoft Money\System\reminder.exe [37376 1998-07-25] (Microsoft Corporation) HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) HKCU\...\Run: [1&1 EasyLogin] - C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe [1114112 2012-07-16] (1&1 Internet AG) MountPoints2: {6ef1d6fe-954e-11de-86ae-001a921022c7} - H:\LaunchU3.exe -a MountPoints2: {d01b34d1-17a9-11dd-9e6c-001a921022c7} - H:\laucher.exe HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [ 2009-04-11] (Microsoft Corporation) HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-08-05] (Hewlett-Packard) HKU\Internet\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe [ 2009-04-11] (Microsoft Corporation) HKU\IUSR_NMPR\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [ 2009-04-11] (Microsoft Corporation) HKU\IUSR_NMPR\...\Run: 
[WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk ShortcutTarget: PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk -> C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe () Startup: C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk ShortcutTarget: FRITZ!DSL Internet.lnk -> C:\Program Files\FRITZ!DSL\FritzDsl.exe (AVM Berlin) Startup: C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin) Startup: C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Program Files\FRITZ!DSL\StCenter.exe (AVM Berlin) Startup: C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 () Startup: C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk ShortcutTarget: regmonstd.lnk -> 
C:\Users\Rolf\AppData\Local\Temp\b34btbztdb0vavaw.exe (No File) ==================== Internet (Whitelisted) ==================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=desktop HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=desktop URLSearchHook: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.) SearchScopes: HKLM - {D3844177-53F9-4AFB-BA06-F7800FDC1EB4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de SearchScopes: HKCU - {39C439B0-23AC-4372-9A43-81B577F16510} URL = hxxp://go.web.de/suchbox/ebay?query={searchTerms} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de SearchScopes: HKCU - {B9A020A0-1408-4A72-9C2F-5882ABBDB355} URL = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms} SearchScopes: HKCU - {D3844177-53F9-4AFB-BA06-F7800FDC1EB4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 SearchScopes: HKCU - {DD9EA294-F754-4A74-B75E-7B5FDF70F2C2} URL = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms} BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) BHO: 1&&1 Internet AG Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH) Toolbar: HKLM - Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.) Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation) Toolbar: HKCU -Softonic Deutsch Toolbar - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.) 
Toolbar: HKCU -Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKCU -Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\f8w0ilec.default FF user.js: detected! => C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\f8w0ilec.default\user.js FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) 
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\f8w0ilec.default\searchplugins\11-suche-1.xml FF SearchPlugin: C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\f8w0ilec.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\f8w0ilec.default\searchplugins\englische-ergebnisse-1.xml FF SearchPlugin: C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\f8w0ilec.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\f8w0ilec.default\searchplugins\gmx-suche-1.xml FF SearchPlugin: C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\f8w0ilec.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\f8w0ilec.default\searchplugins\lastminute-1.xml FF SearchPlugin: C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\f8w0ilec.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\f8w0ilec.default\searchplugins\webde-suche-1.xml FF SearchPlugin: C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\f8w0ilec.default\searchplugins\webde-suche.xml FF Extension: No Name - C:\Users\Rolf\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: No Name - 
C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\f8w0ilec.default\Extensions\toolbar@ask.com FF Extension: Microsoft .NET Framework Assistant - C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\f8w0ilec.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: DownloadHelper - C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\f8w0ilec.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: toolbar - C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\f8w0ilec.default\Extensions\toolbar@web.de.xpi FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "urls_to_restore_on_startup": [ ] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx ========================== Services (Whitelisted) ================= S3 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [188416 2006-09-11] (Intel(R) Corporation) S4 AntiVirMailService; C:\Program 
Files\Avira\AntiVir Desktop\avmailc.exe [375760 2012-05-27] (Avira Operations GmbH & Co. KG) S4 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-27] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2012-05-27] (Avira Operations GmbH & Co. KG) R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2006-09-03] () R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [189736 2009-09-26] (Seagate Technology LLC) S2 gupdate1cac3a668394362; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2010-03-14] (Google Inc.) R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin) R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] () S2 IntelDHSvcConf; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [29696 2006-05-10] (Intel(R) Corporation) S3 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [75264 2006-09-11] (Intel(R) Corporation) S3 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [26624 2006-09-01] () S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) 
S3 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [167936 2006-09-11] (Intel(R) Corporation) R2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] () R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] () S3 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [544256 2006-09-11] (Intel(R) Corporation) R2 serviceIEConfig; C:\Windows\System32\ieconfig_1und1_svc.exe [1053848 2012-09-11] () S3 Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2011-06-29] (Avanquest Software) S2 CLTNetCnService; ==================== Drivers (Whitelisted) ==================== R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-27] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-27] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2012-05-27] (Avira GmbH) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [395312 2007-08-30] (Symantec Corporation) R3 OVT511Plus; C:\Windows\System32\Drivers\omcamvid.sys [167816 2001-09-18] (OmniVision Technologies, Inc.) 
S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI Corporation) S3 s116mdfl; C:\Windows\System32\DRIVERS\s116mdfl.sys [15112 2007-04-03] (MCCI Corporation) S3 s116mdm; C:\Windows\System32\DRIVERS\s116mdm.sys [108680 2007-04-03] (MCCI Corporation) S3 s116mgmt; C:\Windows\System32\DRIVERS\s116mgmt.sys [100488 2007-04-03] (MCCI Corporation) S3 s116nd5; C:\Windows\System32\DRIVERS\s116nd5.sys [23176 2007-04-03] (MCCI Corporation) S3 s116obex; C:\Windows\System32\DRIVERS\s116obex.sys [98696 2007-04-03] (MCCI Corporation) S3 s116unic; C:\Windows\System32\DRIVERS\s116unic.sys [99080 2007-04-03] (MCCI Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-05-27] (Avira GmbH) S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [4608 2006-07-13] () S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-26 19:57 - 2013-07-26 19:57 - 00000000 ____D C:\FRST 2013-07-26 19:55 - 2013-07-26 19:55 - 01220112 _____ (Farbar) C:\Users\Rolf\Desktop\FRST.exe 2013-07-26 19:18 - 2013-07-26 20:58 - 00000000 ____D C:\Windows\pss 2013-07-26 19:16 - 2013-07-26 19:16 - 00020192 _____ C:\Users\Rolf\Desktop\AVSCAN-20130726-155342-5228E12C.LOG 2013-07-14 08:38 - 2013-07-14 08:38 - 00000000 ____D C:\Users\Rolf\AppData\Roaming\RealNetworks 2013-07-14 08:37 - 2013-07-14 08:37 - 00000937 _____ C:\Users\Public\Desktop\RealPlayer.lnk 2013-07-14 08:37 - 2013-07-14 08:37 - 00000000 ____D C:\ProgramData\RealNetworks 2013-07-14 08:37 - 2013-07-14 08:37 - 00000000 ____D C:\Program Files\RealNetworks 2013-07-14 08:37 - 2013-07-14 08:37 - 00000000 ____D C:\Program Files\Common Files\xing shared 
2013-07-14 08:36 - 2013-07-14 08:36 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\system32\rmoc3260.dll
2013-07-14 08:36 - 2013-07-14 08:36 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\system32\pndx5016.dll
2013-07-14 08:36 - 2013-07-14 08:36 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\system32\pndx5032.dll
2013-07-10 22:59 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 22:59 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 22:59 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 22:59 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-10 22:59 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 22:59 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 22:59 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-10 22:59 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 22:59 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-10 22:59 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-10 22:59 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 22:59 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 22:59 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 22:59 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 22:59 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-10 22:59 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 21:49 - 2013-06-04 03:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 21:49 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 21:49 - 2013-05-08 06:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 21:49 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-10 21:49 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-10 21:49 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-10 21:49 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-10 21:49 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-10 21:49 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-10 21:49 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-10 21:49 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 21:49 - 2013-04-17 12:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-02 21:55 - 2013-07-02 21:55 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-07-26 21:40 - 2006-12-18 12:23 - 01084526 _____ C:\Windows\WindowsUpdate.log
2013-07-26 21:20 - 2010-03-14 20:54 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-26 21:20 - 2009-03-19 18:02 - 00000436 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-07-26 21:19 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-26 21:18 - 2007-07-23 15:00 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-07-26 21:18 - 2006-11-02 15:01 - 00032510 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-26 21:14 - 2011-01-30 17:47 - 00000000 ____D C:\Users\Rolf\Documents\Mein Steuer-Sparbuch Heute
2013-07-26 20:58 - 2013-07-26 19:18 - 00000000 ____D C:\Windows\pss
2013-07-26 20:49 - 2006-11-02 14:47 - 00332320 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-26 20:24 - 2010-06-04 21:14 - 00001356 _____ C:\Users\Rolf\AppData\Local\d3d9caps.dat
2013-07-26 19:57 - 2013-07-26 19:57 - 00000000 ____D C:\FRST
2013-07-26 19:56 - 2007-07-21 15:56 - 00000000 ___RD C:\Users\Rolf\Desktop
2013-07-26 19:55 - 2013-07-26 19:55 - 01220112 _____ (Farbar) C:\Users\Rolf\Desktop\FRST.exe
2013-07-26 19:54 - 2006-11-02 14:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-26 19:54 - 2006-11-02 14:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-26 19:51 - 2012-04-18 19:15 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-26 19:16 - 2013-07-26 19:16 - 00020192 _____ C:\Users\Rolf\Desktop\AVSCAN-20130726-155342-5228E12C.LOG
2013-07-26 19:14 - 2010-03-14 20:54 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-23 22:31 - 2007-07-23 16:44 - 11066376 ____R C:\Users\Rolf\Documents\Meine Finanzen Sicherungskopie070507.mbf
2013-07-18 19:51 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-14 10:04 - 2007-08-25 09:54 - 00000000 ____D C:\Users\Rolf\Documents\Haus
2013-07-14 09:50 - 2007-08-02 21:10 - 00111104 _____ C:\Users\Rolf\Documents\Arzt_V1.xls
2013-07-14 08:51 - 2007-07-23 17:23 - 00285898 _____ C:\Users\Rolf\Documents\Benzinverbrauch.xlsx
2013-07-14 08:50 - 2007-12-30 10:54 - 00204441 _____ C:\Users\Rolf\Documents\2007_Berghotel_Rechnungen.xlsx
2013-07-14 08:46 - 2007-08-02 21:18 - 00683008 _____ C:\Users\Rolf\Documents\Das.xls
2013-07-14 08:38 - 2013-07-14 08:38 - 00000000 ____D C:\Users\Rolf\AppData\Roaming\RealNetworks
2013-07-14 08:37 - 2013-07-14 08:37 - 00000937 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-07-14 08:37 - 2013-07-14 08:37 - 00000000 ____D C:\ProgramData\RealNetworks
2013-07-14 08:37 - 2013-07-14 08:37 - 00000000 ____D C:\Program Files\RealNetworks
2013-07-14 08:37 - 2013-07-14 08:37 - 00000000 ____D C:\Program Files\Common Files\xing shared
2013-07-14 08:37 - 2009-09-10 20:25 - 00000000 ____D C:\Users\Rolf\AppData\Roaming\Real
2013-07-14 08:37 - 2009-09-10 20:25 - 00000000 ____D C:\ProgramData\Real
2013-07-14 08:37 - 2009-09-10 20:25 - 00000000 ____D C:\Program Files\Real
2013-07-14 08:37 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-14 08:36 - 2013-07-14 08:36 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\system32\rmoc3260.dll
2013-07-14 08:36 - 2013-07-14 08:36 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\system32\pndx5016.dll
2013-07-14 08:36 - 2013-07-14 08:36 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\system32\pndx5032.dll
2013-07-14 08:36 - 2011-06-23 21:38 - 00272896 _____ (Progressive Networks) C:\Windows\system32\pncrt.dll
2013-07-14 08:36 - 2003-03-18 21:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\msvcp71.dll
2013-07-14 08:27 - 2010-03-14 20:45 - 00001973 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-14 08:25 - 2007-07-21 18:33 - 00000000 ____D C:\Users\Rolf\AppData\Local\Google
2013-07-14 08:03 - 2010-02-02 21:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-14 08:03 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-07-10 23:07 - 2006-11-02 12:33 - 01468520 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-10 23:02 - 2006-11-02 12:24 - 75699896 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-07-10 23:01 - 2007-07-23 09:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 22:51 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-09 23:10 - 2009-06-07 14:13 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-07-05 06:49 - 2012-05-07 19:58 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-02 21:55 - 2013-07-02 21:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-30 09:34 - 2012-12-17 21:24 - 00014790 _____ C:\Users\Rolf\Documents\Geburtstagsplanung.xlsx

Files to move or delete:
====================
C:\ProgramData\ezsid.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-26 21:30

==================== End Of Log ============================

and the addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-07-2013
Ran by Rolf at 2013-07-26 19:59:40
Running from C:\Users\Rolf\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)
1&1 EasyLogin
1und1 Internet Explorer Add-On
1und1 Internet Explorer Add-On (Version: 1.0)
7-Zip 4.65
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
ArcSoft MediaConverter 2
ArcSoft PhotoImpression 5
ArcSoft ShowBiz DVD 2
Ask Toolbar (Version: 1.15.26.0)
Avanquest update (Version: 1.29)
Avira Antivirus Premium 2012 (Version: 12.1.9.2400)
AVM FRITZ!Box Monitor
AVM FRITZ!DSL (Version: 2.04.02)
AVM FRITZ!fax für FRITZ!Box
Bonjour (Version: 1.0.105)
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG5200 series Benutzerregistrierung
Canon MG5200 series MP Drivers
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
CD-LabelPrint
Falk Navi-Manager (Version: 1.2.172)
Falk Navi-Manager (Version: 1.4.0.0)
Falk Navi-Manager (Version: 1.4.1.0)
Falk Navi-Manager (Version: 2.0.1)
Falk Navi-Manager (Version: 2.1.6.0)
Falk Navi-Manager (Version: 2.1.7.0)
Falk Navi-Manager (Version: 2.2.2)
Falk Navi-Manager (Version: 2.5.0)
Falk Navi-Manager (Version: 2.5.1)
Falk Navi-Manager (Version: 2.6.1)
Falk Navi-Manager (Version: 2.6.2)
Google Chrome (Version: 28.0.1500.72)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.153)
Hardware Diagnose Tools (Version: 5.00.4262.12)
HP Advisor (Version: 3.1.9152.3107)
HP Customer Experience Enhancements (Version: 1.00.0000)
HP Easy Setup - Core (Version: 1.00.0000)
HP Easy Setup - Frontend (Version: 5.00.0000)
HP Picasso Media Center Add-In (Version: 1.0.0)
HP Update (Version: 5.002.007.004)
HPSSupply (Version: 100.0.172.000)
Intel® Viiv™ Software (Version: 1.6.361.6)
Internet-Radio Player Version 2.01.4
iTunes (Version: 8.0.1.11)
Java 7 Update 13 (Version: 7.0.130)
Java Auto Updater (Version: 2.1.9.0)
LightScribe 1.4.124.1 (Version: 1.4.124.1)
McAfee Security Scan Plus (Version: 3.0.318.3)
MERTEN SCHALTER-MANAGER 2013.0.1
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (Version: 12.0.4518.1014)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Money 99
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007-Testversion (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 SP1 CRT Redistributable (Version: 1.00.0000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0822)
Microsoft Works Setup Launcher
Microsoft XML Parser und SDK (Version: 4.10.9404.0)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Grafiktreiber 296.19 (Version: 296.19)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA Systemsteuerung 296.19 (Version: 296.19)
NVIDIA Update 1.7.12 (Version: 1.7.12)
NVIDIA Update Components (Version: 1.7.12)
OcxSetup (Version: 1.0.0)
Optimierte Multimedia-Tastatur-Lösung
PHOTOfunSTUDIO 6.1 HD Lite Edition (Version: 6.01.015)
Python 2.4.3 (Version: 2.4.3150)
QuickTime (Version: 7.73.80.64)
RealDownloader (Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.2)
Realtek High Definition Audio Driver (Version: 6.0.1.5548)
RealUpgrade 1.1 (Version: 1.1.0)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator Basic v9 (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator EasyArchive (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Express Labeler 3 (Version: 2.1.0)
Seagate Manager Installer (Version: 2.01.0600)
Shop for HP Supplies (Version: 10.0)
Skype™ 5.10 (Version: 5.10.116)
Softonic_Deutsch Toolbar (Version: )
Sony Ericsson PC Companion 2.02.002 (Version: 2.02.002)
Sony Ericsson PC Suite 6.012.00 (Version: 6.012.00)
StarMoney (Version: 5.0)
Super LoiLoScope WebShortcut (Version: 1.0.0)
Uniblue System Tweaker
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Windows Media Encoder 9-Reihe
Windows Media Encoder 9-Reihe (Version: 9.00.3374)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
Windows Mobile-Gerätecenter: Treiberupdate (Version: 6.1.6965.0)
WISO EÜR & Kasse 2009 (Version: 16.02.6248)
WISO EÜR & Kasse 2010 (Version: 17.01.6547)
WISO EÜR & Kasse 2011 (Version: 18.01.6946)
WISO Rechnungsbuch 2008 (Version: 15.02.0000)
WISO Sparbuch 2010 (Version: 17.00.6531)
WISO Steuer-Sparbuch 2011 (Version: 18.00.6928)
WISO Steuer-Sparbuch 2012 (Version: 19.00.7303)
WISO Steuer-Sparbuch 2013 (Version: 20.00.8137)
XVID Codec Installation

==================== Restore Points =========================

21-05-2013 17:19:58 Geplanter Prüfpunkt
22-05-2013 19:57:02 Geplanter Prüfpunkt
26-05-2013 16:11:01 Geplanter Prüfpunkt
30-05-2013 17:39:28 Geplanter Prüfpunkt
06-06-2013 16:32:58 Geplanter Prüfpunkt
11-06-2013 06:10:54 Geplanter Prüfpunkt
12-06-2013 18:57:06 Windows Update
16-06-2013 06:19:10 Geplanter Prüfpunkt
19-06-2013 18:06:52 Geplanter Prüfpunkt
29-06-2013 18:35:16 Geplanter Prüfpunkt
02-07-2013 05:41:15 Geplanter Prüfpunkt
02-07-2013 19:34:08 Geplanter Prüfpunkt
05-07-2013 05:37:59 Geplanter Prüfpunkt
10-07-2013 20:50:19 Windows Update
18-07-2013 18:18:27 Geplanter Prüfpunkt
20-07-2013 10:36:19 Geplanter Prüfpunkt
21-07-2013 14:39:30 Geplanter Prüfpunkt
24-07-2013 19:54:02 Geplanter Prüfpunkt
26-07-2013 19:32:50 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {01FD020E-B713-4F4A-9E9E-2D019EA4364E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0E53C67D-5401-4D6C-9196-22461D1E5F01} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-16] (Adobe Systems Incorporated)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2CB6EDB9-7EE7-46BF-84F0-6B5182526889} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: {2CD34F02-5851-4860-BCA9-94C5D26EC3E9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2962811509-3781454280-90558866-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {4551C094-9B77-4D6A-9949-0F0E5AE852DD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2962811509-3781454280-90558866-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {519318A4-7C35-48EC-822D-89FB1A0A01EA} - System32\Tasks\Microsoft\Windows\RestartManager\{7E33D851-CA16-414e-A3E3-E4383BDD3D94} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {67A2D7C2-684A-4C94-BEEB-997413CDD5B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-14] (Google Inc.)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)
Task: {B3D64788-366B-4E62-9992-0704EFE2EB8D} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {B8563780-B408-4F31-973B-57DF737890D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-14] (Google Inc.)
Task: {C10CD90D-B988-4683-97B7-5FCE56F75890} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-04-30] ()
Task: {C2FA19F1-FDF0-45DD-9D1D-AA2A7872CF2A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2962811509-3781454280-90558866-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EA823AAF-8552-441B-9E69-30E9C996FD04} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2962811509-3781454280-90558866-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {F0131AFD-4237-4422-9F9A-584F2DB0E36A} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-19] (Microsoft Corp.)
Task: {F7092FE6-0A34-4D6D-8997-D48EBC70C90C} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2013 08:45:08 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/26/2013 08:45:08 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/26/2013 08:45:04 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp4580070422

Error: (07/26/2013 02:29:25 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/26/2013 02:29:24 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/26/2013 02:28:34 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/26/2013 02:21:28 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d, Prozess-ID 0xa84, Anwendungsstartzeit rundll32.exe0.

Error: (07/26/2013 02:21:08 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16496, Zeitstempel 0x51a55c6d, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d, Prozess-ID 0x152c, Anwendungsstartzeit iexplore.exe0.

Error: (07/25/2013 03:43:52 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d, Prozess-ID 0xe54, Anwendungsstartzeit rundll32.exe0.
Error: (07/25/2013 03:34:30 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d, Prozess-ID 0x165c, Anwendungsstartzeit rundll32.exe0.

System errors:
=============
Error: (07/26/2013 10:07:42 PM) (Source: ipnathlp) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (07/26/2013 09:29:02 PM) (Source: ipnathlp) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (07/26/2013 09:23:02 PM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (07/26/2013 09:21:46 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (07/26/2013 09:21:46 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (07/26/2013 09:20:34 PM) (Source: ipnathlp) (User: )
Description: Die DHCP-Zuweisung wurde für IP-Adresse 192.168.178.20 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.

Error: (07/26/2013 09:20:34 PM) (Source: ipnathlp) (User: )
Description: ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
Error: (07/26/2013 09:13:24 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (07/26/2013 09:13:24 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (07/26/2013 09:12:58 PM) (Source: WMPNetworkSvc) (User: )
Description: 0xc00d2711

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-05-21 20:13:03.649
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-05-21 20:13:03.294
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-02 18:37:44.737
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-02 18:37:44.411
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-11-25 09:45:10.492
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-11-25 09:45:10.209
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-11-25 09:38:10.971
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-11-25 09:38:10.661
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-07-14 15:53:25.120
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-07-14 15:53:24.892
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 3069.76 MB
Available physical RAM: 1382.56 MB
Total Pagefile: 6369.77 MB
Available Pagefile: 4551.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.75 MB

==================== Drives ================================

Drive b: (Volume) (Fixed) (Total:7.81 GB) (Free:6.75 GB) NTFS
Drive c: (HP) (Fixed) (Total:284.98 GB) (Free:10.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:5.3 GB) (Free:0.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=285 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
26.07.2013, 19:11 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC infected with a Trojan today, PC blocked
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
HKCU\...\Run: [{146B1F8C-5E43-B87C-DDF7-5D1F918F2527}] - C:\Users\Rolf\AppData\Roaming\Urra\suhu.exe [x]
ShortcutTarget: regmonstd.lnk -> C:\Users\Rolf\AppData\Local\Temp\b34btbztdb0vavaw.exe (No File)
Startup: C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
C:\ProgramData\ezsid.dat
C:\Users\Rolf\AppData\Roaming\Urra
C:\Users\Rolf\AppData\Local\Temp\b34btbztdb0vavaw.exe

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags
26.07.2013, 19:30 | #9 |
| PC infected with a Trojan today, PC blocked
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-07-2013
Ran by Rolf at 2013-07-26 20:29:04 Run:1
Running from C:\Users\Rolf\Desktop
Boot Mode: Normal
==============================================

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\{146B1F8C-5E43-B87C-DDF7-5D1F918F2527} => Value deleted successfully.
C:\Users\Rolf\AppData\Local\Temp\b34btbztdb0vavaw.exe not found.
C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk => Moved successfully.
C:\ProgramData\ezsid.dat => Moved successfully.
C:\Users\Rolf\AppData\Roaming\Urra => Moved successfully.
"C:\Users\Rolf\AppData\Local\Temp\b34btbztdb0vavaw.exe" => File/Directory not found.

==== End of Fixlog ====
26.07.2013, 19:35 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC infected with a Trojan today, PC blocked
Rootkit scan with GMER
Please download GMER: (random file name)
Are you running into problems?
Afterwards, please run MBAR:
Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
27.07.2013, 18:10 | #11 |
| PC infected with a Trojan today, PC blocked
So, I'm back. Everything is done. Log file after the first scan:
Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.26.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Rolf :: HOME-PC [administrator]

26.07.2013 21:34:03
mbar-log-2013-07-26 (21-34-03).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 289916
Time elapsed: 16 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\Rolf\AppData\Local\Temp\b34btbztdb0vavaw.virus.exe (Trojan.Winlock) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

On restart I got a message that the Microsoft Office OneNote Quick Launcher no longer works...
Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.26.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Rolf :: HOME-PC [administrator]

26.07.2013 22:04:25
mbar-log-2013-07-26 (22-04-25).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 289896
Time elapsed: 17 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Have we now reached the end? If so, I would like to thank you very much for the great job. Really great! I'll gladly recommend you!
28.07.2013, 22:17 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC infected with a Trojan today, PC blocked
I am missing the GMER log
29.07.2013, 12:05 | #13 |
| PC infected with a Trojan today, PC blocked
Sorry, I overlooked it. Here now is the GMER log from 26.07.
Code:
GMER Logfile: |
29.07.2013, 13:08 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC infected with a Trojan today, PC blocked
JRT - Junkware Removal Tool
Please close your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.
After that, a check with OTL please:
29.07.2013, 18:02 | #15 |
| PC infected with a Trojan today, PC blocked
The jrt.txt file:
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.2.7 (07.29.2013:1) OS: Windows Vista (TM) Home Premium x86 Ran by Rolf on 29.07.2013 at 17:52:49,89 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\genericasktoolbar.dll Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef Successfully deleted: [Registry Key] 
HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT1351351 ~~~ Files Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk" Successfully deleted: [File] "C:\Windows\system32\conduitengine.tmp" ~~~ Folders Successfully deleted: [Folder] "C:\Users\Rolf\appdata\local\conduit" Successfully deleted: [Folder] "C:\Users\Rolf\appdata\locallow\conduit" Successfully deleted: [Folder] "C:\Users\Rolf\appdata\locallow\pricegong" Successfully deleted: [Folder] "C:\Program Files\conduit" ~~~ FireFox Successfully deleted: [File] C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\user.js Successfully deleted: [Folder] C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\extensions\toolbar@ask.com Successfully deleted the following from C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\prefs.js user_pref("extensions.asktb.AviraIDW-TS", "1319826843056"); user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xmlns=\"hxxp://websearch.ask.com/widgets\">\n <widget_url>hxxps://aviratoolb user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\"); user_pref("extensions.asktb.OOBEVersion", "1"); user_pref("extensions.asktb.autofill-text-highlight-enabled", true); user_pref("extensions.asktb.cbid", "JM"); user_pref("extensions.asktb.config-updated", false); user_pref("extensions.asktb.crumb", "2011.07.02+09.58.39-toolbar008iad-DE-RXJmdXJ0LEdlcm1hbnk%3D"); user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar"); user_pref("extensions.asktb.dtid", 
"YYYYYYYYDE"); user_pref("extensions.asktb.first-launch-url", "hxxp://news.tchibo.de/go/1/O4XDNOX-O30BN8Q-O2DVARN-15KHEFK.html"); user_pref("extensions.asktb.first-restart-after-config-update", true); user_pref("extensions.asktb.fresh-install", false); user_pref("extensions.asktb.guid", "c57b453c-bd5d-40b1-800e-eeec0858d954"); user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxp user_pref("extensions.asktb.if", "first"); user_pref("extensions.asktb.keyword-toggled-in-session", false); user_pref("extensions.asktb.l", "dis"); user_pref("extensions.asktb.last-config-req", "1375084487900"); user_pref("extensions.asktb.last-search-timestamp", "1374425852779"); user_pref("extensions.asktb.locale", "de_DE"); user_pref("extensions.asktb.location", "Erfurt,Germany"); user_pref("extensions.asktb.new-tab-opt-out", true); user_pref("extensions.asktb.notification-shown", true); user_pref("extensions.asktb.o", "100000080"); user_pref("extensions.asktb.overlay-reloaded-using-restart", true); user_pref("extensions.asktb.qsrc", "2871"); user_pref("extensions.asktb.r", "20"); user_pref("extensions.asktb.sa", "NO"); user_pref("extensions.asktb.search-history-queries", "KTH-XW4300/1G||Pavilion Media Center m7791||Festplatte für Pavilion Media Center m7791||Biathlon||Therme Bad Kissingen||H user_pref("extensions.asktb.search-suggestions-enabled", true); user_pref("extensions.asktb.silent-upgrade", true); user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false); user_pref("extensions.asktb.socialmini-native-on", true); user_pref("extensions.asktb.themeid", ""); user_pref("extensions.asktb.timeinstalled", "18.06.2012 19:11:18"); user_pref("extensions.asktb.to", ""); user_pref("extensions.asktb.v", "3.15.26.100015"); user_pref("extensions.asktb.version", "5.15.26.45268"); Emptied folder: 
C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\minidumps [67 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 29.07.2013 at 17:55:28,86 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.306 - Datei am 29/07/2013 um 18:17:37 erstellt # Aktualisiert am 19/07/2013 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : Rolf - HOME-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Rolf\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk Datei Gelöscht : C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\f8w0ilec.default\searchplugins\11-suche.xml Gelöscht mit Neustart : C:\Users\Rolf\AppData\Local\Temp\Zynga Ordner Gelöscht : C:\Program Files\Ask.com Ordner Gelöscht : C:\Program Files\Softonic_Deutsch Ordner Gelöscht : C:\Users\Rolf\AppData\Local\AskToolbar Ordner Gelöscht : C:\Users\Rolf\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\Rolf\AppData\Local\Temp\AskSearch Ordner Gelöscht : C:\Users\Rolf\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\Rolf\AppData\LocalLow\Softonic_Deutsch Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Softonic_Deutsch Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic_Deutsch Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} 
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72465536-6AFD-41E0-83C7-B45EFDA07DBA} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\Software\APN Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{72465536-6AFD-41E0-83C7-B45EFDA07DBA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{823D3FB7-1DE7-45EA-81C8-157CBE8AF686} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26951963-1D44-4AE3-B5BF-576D6E3581F8} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BADA4D-69DC-444A-8685-F1429725724F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} Schlüssel 
Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{72465536-6AFD-41E0-83C7-B45EFDA07DBA} Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_Deutsch Toolbar Schlüssel Gelöscht : HKLM\Software\Softonic_Deutsch Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16496 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v22.0 (de) Datei : C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\f8w0ilec.default\prefs.js Gelöscht : user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xm[...] Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\"); Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...] -\\ Google Chrome v28.0.1500.72 Datei : C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber.
Datei : C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [10087 octets] - [29/07/2013 18:17:37] ########## EOF - C:\AdwCleaner[S1].txt - [10148 octets] ########## OTL extras.txt: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.07.2013 18:33:24 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rolf\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 58,71% Memory free 6,22 Gb Paging File | 4,80 Gb Available in Paging File | 77,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 284,98 Gb Total Space | 10,12 Gb Free Space | 3,55% Space Free | Partition Type: NTFS Drive D: | 5,30 Gb Total Space | 0,65 Gb Free Space | 12,18% Space Free | Partition Type: NTFS Computer Name: HOME-PC | User Name: Rolf | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2962811509-3781454280-90558866-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{CE50AD7E-9FAB-4BC0-82FC-0CD076A3806E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{CFA94AC9-BF55-4B04-A9C1-36B1B5753EAA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D061F8CD-039F-4D1C-9815-FD77F28EFB9C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D0D05B35-6BC5-44E8-9EAB-2E7CF31CFFB9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D2FD84F1-89F9-44B9-AC0D-B7E3E5ACD2E1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{D466C1F1-168F-416E-B888-679BCBD02D0E}" = protocol=17 | dir=in | app=c:\program files\fritz!\igd_finder.exe | "{D655FD66-370E-4DC9-A272-26468C89D701}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D6F6FFF0-3802-4BF0-93FD-8F8A85592227}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | "{D89748A5-316D-4470-B901-A6D43E929AFC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D96F6939-5444-4572-A540-E2C503ABA562}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DC003BE2-7B3A-4789-8905-3E2FCEA6D19D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DD8BB9B6-D1C6-45C6-B39D-22ED6B21A215}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{DFBCFB19-8E99-414B-8031-FEDC5CD93646}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E3A66394-3BA5-483B-A954-5FB7F20997F3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E40E34AA-0CA6-4840-BD67-B74BAB3EF8D9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{ECE60037-F090-49CB-A05D-0F28EC789997}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EF20D322-0F9A-4666-ABAB-FE3D3C74A9DD}" = 
protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F616BB60-A4E5-49B1-A1D2-C471264A4E5B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F927DB9E-159E-482B-8B06-2DE30A6B4386}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "{F9482B33-BACB-4109-8FAB-C0D1A9C71063}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{FB7F83D2-12CF-47DD-9980-532378E379E6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{FC00A9D5-5DCC-46A1-8C45-DEDBC314D2AF}" = protocol=17 | dir=in | app=c:\program files\fritz!\fboxset.exe | "TCP Query User{08D0B20C-C02D-46C7-BD76-F6254A862AF1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{0D55F987-4B59-42A9-8C26-EB65DE7081AA}C:\users\rolf\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\rolf\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | "TCP Query User{1E8E20B1-8C70-4ABF-8FD7-4497D410D00C}C:\program files\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files\fritz!\frifax32.exe | "TCP Query User{43C7B377-93A6-40EE-AB5C-195884FA0A05}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{8DF8B88C-BB4C-4C2F-8135-F44849662085}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{907C876B-60D9-4285-8C8E-0D9993DD4D80}C:\users\rolf\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\rolf\appdata\local\temp\_istmp1.dir\_ins5576._mp | "TCP Query User{95385CE8-5955-4B4D-A915-F0DBD977B121}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe | "TCP Query 
User{DE70C13F-BDF8-494F-A4CD-377705D0B54B}C:\program files\internetradio player\ps_olect.exe" = protocol=6 | dir=in | app=c:\program files\internetradio player\ps_olect.exe | "TCP Query User{E4D22ACD-A934-4EC9-88BD-790F95B0014E}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{E5415C13-51F9-4C71-9371-6F820AEEB8C6}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{F2EF8077-E286-4505-97A9-14DB5F6DD894}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe | "TCP Query User{F9163499-9463-4848-B700-9B0E9FA22D27}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{048443B0-1BE7-4B14-B86D-18B7F15F9A2F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{1CC1113A-44D9-44B9-BFB2-0EB225CC2EA0}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{36778B79-8173-42BB-9333-2BD372130D62}C:\program files\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files\fritz!\frifax32.exe | "UDP Query User{5881798B-0EDB-4DB3-B655-0EACABA489B0}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{5F6ACAF4-2C26-4DCA-8DFD-B2DDA255FB1C}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{640688D0-0EC7-4DB7-A001-541BC3F17595}C:\program files\internetradio player\ps_olect.exe" = protocol=17 | dir=in | app=c:\program files\internetradio player\ps_olect.exe | "UDP Query User{79118E27-B4E4-45CF-8950-73FDA951B2E7}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program 
files\real\realplayer\realplay.exe | "UDP Query User{8B59F715-7C21-485A-83A6-591149A309A9}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe | "UDP Query User{973AFAD3-F3FB-47F2-9F42-2817A3E41FBB}C:\users\rolf\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\rolf\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | "UDP Query User{C9526E02-5F29-4A3A-AED5-D5D34D54AB90}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe | "UDP Query User{CDEDB5B6-B2DD-4CA8-A808-B159AF31D1F3}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{E2DA5F86-1621-44E1-BE0C-32F2E05B84ED}C:\users\rolf\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\rolf\appdata\local\temp\_istmp1.dir\_ins5576._mp | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011 "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012 "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1BF9524E-AF30-4A21-A55F-162EB1F72358}" = Falk Navi-Manager "{1DA770BB-419D-480B-8DD6-F5C4042D73F6}" = WISO Rechnungsbuch 2008 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" 
= Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL "{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{299A33DF-313A-4C38-9610-71FDA80D5E02}" = WISO EÜR & Kasse 2009 "{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer "{2DD30F74-520A-4513-ACE8-FFF5117EACC6}" = StarMoney "{2EF095CE-24AF-4AAA-BB82-85F988EC51C0}" = 1und1 Internet Explorer Add-On "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.012.00 "{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager "{35343FF7-939B-401A-87B3-FF90A5123D88}" = Microsoft XML Parser und SDK "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader "{3F055F6A-049B-4D8E-BA00-3B77C11A968F}" = Falk Navi-Manager "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend "{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{4FE82F4B-B7D8-4E65-84AD-E0436CDE57DD}" = ArcSoft PhotoImpression 5 "{52D4013E-3FEC-4C08-AAA8-CC24985A04E1}" = WISO EÜR & Kasse 2010 "{534C6D59-D6E3-48A6-AD0B-747799019960}" = XVID Codec Installation "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{65415AC9-0D2B-4A0F-9786-28748640F781}" = Falk Navi-Manager "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual 
C++ 2005 Redistributable "{7117C6B9-110A-4667-B4FD-8334ED976492}" = WISO EÜR & Kasse 2011 "{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor "{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3 "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E653036-DE31-4BFD-96BB-421CC72E06FC}" = PHOTOfunSTUDIO 6.1 HD Lite Edition "{8013FB2B-4785-4B83-8CA2-C1B93C246422}" = Falk Navi-Manager "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83DA46EC-2CB1-4649-9100-C4F98D8DA8CD}" = ArcSoft MediaConverter 2 "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{924A365C-6727-42B9-91AC-C8C2CAC0B835}" = Falk Navi-Manager "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A5C57D1-3B27-4B41-89E6-C74C6937F4FB}" = Falk Navi-Manager "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
"{9CCE2F68-FAFC-4826-9951-E38232406CDF}" = Falk Navi-Manager "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements "{AC589470-884E-4E15-96D8-437780F8185D}" = Super LoiLoScope WebShortcut "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF421DF1-EA0D-481C-917C-FBEA8C890929}" = Falk Navi-Manager "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.19 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.19 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply "{C3DC29BC-A8CF-4578-9DFC-37F049C44771}" = OcxSetup "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9 "{CC038D57-788A-4544-BF8F-179E5CF50D2F}" = Microsoft Visual C++ 2005 SP1 CRT Redistributable "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013 "{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update "{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes "{DEA26700-69D8-4EE1-AD8A-609BD28965E6}" = Falk Navi-Manager "{DFE506AB-DDEA-4C94-BDE0-C26F4B21C71A}" = Falk Navi-Manager "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate "{E74F33A1-D852-4FC0-A74B-54662E407187}" = Falk Navi-Manager "{E883DCB3-766D-4166-8B28-33C8FE451F2B}" = ArcSoft ShowBiz DVD 2 
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core "1&1 EasyLogin" = 1&1 EasyLogin "1und1 Internet Explorer Add-On" = 1und1 Internet Explorer Add-On "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Antivirus Premium 2012 "AVMFBoxMonitor" = AVM FRITZ!Box Monitor "Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "FRITZ! 
2.0" = AVM FRITZ!fax für FRITZ!Box "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007-Testversion "InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer "Intel(R) Configuration Center" = Intel® Viiv™ Software "Internet-Radio Player_is1" = Internet-Radio Player Version 2.01.4 "McAfee Security Scan" = McAfee Security Scan Plus "MediaNavigation.CDLabelPrint" = CD-LabelPrint "MERTEN SCHALTER-MANAGER_is1" = MERTEN SCHALTER-MANAGER 2013.0.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "MSMONEYV70" = Microsoft Money 99 "PC-Doctor 5 for Windows" = Hardware Diagnose Tools "RealPlayer 16.0" = RealPlayer "Shop for HP Supplies" = Shop for HP Supplies "System Tweaker_is1" = Uniblue System Tweaker "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "Works99Setup" = Microsoft Works Setup Launcher ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2962811509-3781454280-90558866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ System Events ] Error - 29.07.2013 12:23:01 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000 Description = Error - 29.07.2013 12:23:04 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026 Description = Error - 29.07.2013 12:23:23 | Computer Name = Home-PC | Source = WMPNetworkSvc | ID = 866312 Description = Error - 29.07.2013 12:23:23 | Computer Name = Home-PC | 
Source = WMPNetworkSvc | ID = 866312
Description = 

Error - 29.07.2013 12:23:26 | Computer Name = Home-PC | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.

Error - 29.07.2013 12:23:26 | Computer Name = Home-PC | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.178.20 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.

< End of report >
[/CODE]

and finally the OTL file:

OTL Logfile:
Code:
OTL logfile created on: 29.07.2013 18:33:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rolf\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 58,71% Memory free
6,22 Gb Paging File | 4,80 Gb Available in Paging File | 77,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 284,98 Gb Total Space | 10,12 Gb Free Space | 3,55% Space Free | Partition Type: NTFS
Drive D: | 5,30 Gb Total Space | 0,65 Gb Free Space | 12,18% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Rolf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Rolf\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.)
PRC - C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe ()
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\System32\ieconfig_1und1_svc.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Programme\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe () PRC - C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC) PRC - C:\Programme\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe (AVM Berlin) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin) PRC - C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\FRITZ!DSL\FritzDsl.exe (AVM Berlin) PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe () PRC - C:\Programme\Microsoft Money\System\REMINDER.EXE (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b369565297de5b18e488962a43164f59\System.Transactions.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\798504f7455735fbc9abe8d6ebe73f03\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4a249ccdc8817127b91bc36d1aa52b5e\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f58a8a55eda29b5a43af20c4568f7f91\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6ac6cab47b69e44769c726610e7f29bc\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\40569a773af7fcc0d27e7557898a74b7\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e3cc2cbffd5fb21da64e93d9b6c27c7c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wkont13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wfabu13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe () MOD - C:\Programme\WISO\Steuersoftware 2013\wmain13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wimp13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wfvie13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\rsodbc48.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\rsdcom48.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\whau213.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wwerb13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wbae413.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wbae113.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\whau113.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wbae313.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wbae213.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wgui13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wreli13.dll () MOD - 
C:\Programme\WISO\Steuersoftware 2013\wcore13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wsteu13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\rsguiwinapi48.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\rscorewinapi48.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wauff13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\clucene-core.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\clucene-contribs-lib.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\clucene-shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll () MOD - C:\Programme\1&1\1&1 EasyLogin\EasyLoginCrypt.dll () MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\ArcSoft\PhotoImpression 5\Share\PIHook.dll () ========== Services (SafeList) ========== SRV - (CLTNetCnService) -- File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (RealNetworks Downloader Resolver Service) -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe () SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) SRV - (serviceIEConfig) -- C:\Windows\System32\ieconfig_1und1_svc.exe () SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Sony Ericsson PCCompanion) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (FreeAgentGoNext Service) -- C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Remote UI Service) -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (ISSM) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel(R) Corporation)
SRV - (AlertService) -- C:\Programme\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (DQLWinService) -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (M1 Server) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (IntelDHSvcConf) -- C:\Programme\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe (Intel(R) Corporation)

========== Driver Services (SafeList) ==========

DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (s116unic) -- C:\Windows\System32\drivers\s116unic.sys (MCCI Corporation)
DRV - (s116obex) -- C:\Windows\System32\drivers\s116obex.sys (MCCI Corporation)
DRV - (s116nd5) -- C:\Windows\System32\drivers\s116nd5.sys (MCCI Corporation)
DRV - (s116mgmt) -- C:\Windows\System32\drivers\s116mgmt.sys (MCCI Corporation)
DRV - (s116mdm) -- C:\Windows\System32\drivers\s116mdm.sys (MCCI Corporation)
DRV - (s116mdfl) -- C:\Windows\System32\drivers\s116mdfl.sys (MCCI Corporation)
DRV - (s116bus) -- C:\Windows\System32\drivers\s116bus.sys (MCCI Corporation)
DRV - (TSHWMDTCP) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (OVT511Plus) -- C:\Windows\System32\drivers\omcamvid.sys (OmniVision Technologies, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{D3844177-53F9-4AFB-BA06-F7800FDC1EB4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\..\SearchScopes\{39C439B0-23AC-4372-9A43-81B577F16510}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\..\SearchScopes\{B9A020A0-1408-4A72-9C2F-5882ABBDB355}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\..\SearchScopes\{D3844177-53F9-4AFB-BA06-F7800FDC1EB4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\..\SearchScopes\{DD9EA294-F754-4A74-B75E-7B5FDF70F2C2}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=desktop
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=desktop
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1003\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.6.4
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.07.14 08:37:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.07.02 21:55:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.07.14 08:36:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.07.02 21:55:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.07.14 08:36:55 | 000,000,000 | ---D | M]

[2010.01.06 23:37:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rolf\AppData\Roaming\mozilla\Extensions
[2013.07.29 17:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rolf\AppData\Roaming\mozilla\Firefox\Profiles\f8w0ilec.default\extensions
[2010.07.18 09:41:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rolf\AppData\Roaming\mozilla\Firefox\Profiles\f8w0ilec.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.07.21 18:56:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Rolf\AppData\Roaming\mozilla\Firefox\Profiles\f8w0ilec.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.07.20 10:34:13 | 000,621,019 | ---- | M] () (No name found) -- C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\extensions\toolbar@web.de.xpi
[2013.07.20 10:35:05 | 000,001,050 | ---- | M] () -- C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\searchplugins\11-suche-1.xml
[2013.07.20 10:35:05 | 000,002,418 | ---- | M] () -- C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\searchplugins\englische-ergebnisse-1.xml
[2013.05.26 13:53:07 | 000,002,418 | ---- | M] () -- C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\searchplugins\englische-ergebnisse.xml
[2013.07.20 10:35:05 | 000,010,701 | ---- | M] () -- C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\searchplugins\gmx-suche-1.xml
[2013.05.26 13:53:07 | 000,010,701 | ---- | M] () -- C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\searchplugins\gmx-suche.xml
[2013.07.20 10:35:05 | 000,002,432 | ---- | M] () -- C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\searchplugins\lastminute-1.xml
[2013.05.26 13:53:07 | 000,002,432 | ---- | M] () -- C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\searchplugins\lastminute.xml
[2013.07.20 10:35:05 | 000,005,682 | ---- | M] () -- C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\searchplugins\webde-suche-1.xml
[2013.05.26 13:53:07 | 000,005,682 | ---- | M] () -- C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\searchplugins\webde-suche.xml
[2013.07.02 21:55:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.07.02 21:55:50 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.07.14 08:36:41 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: RealDownloader = C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMFBoxMonitor] C:\Program Files\FRITZ!Box Monitor\FRITZBoxMonitor.exe (AVM Berlin)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2962811509-3781454280-90558866-1001..\Run: [1&1 EasyLogin] C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
O4 - HKU\S-1-5-21-2962811509-3781454280-90558866-1001..\Run: [Reminder] C:\Programme\Microsoft Money\System\REMINDER.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-2962811509-3781454280-90558866-1001..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-21-2962811509-3781454280-90558866-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2962811509-3781454280-90558866-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
O4 - Startup: C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O4 - Startup: C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
O4 - Startup: C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62978D89-AA6C-46B1-81DE-73A4D305E983}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\clouds.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\clouds.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6ef1d6fe-954e-11de-86ae-001a921022c7}\Shell - "" = AutoRun
O33 - MountPoints2\{6ef1d6fe-954e-11de-86ae-001a921022c7}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{d01b34d1-17a9-11dd-9e6c-001a921022c7}\Shell - "" = AutoRun
O33 - MountPoints2\{d01b34d1-17a9-11dd-9e6c-001a921022c7}\Shell\AutoRun\command - "" = H:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.29 18:30:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rolf\Desktop\OTL.exe
[2013.07.29 17:52:41 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.07.29 17:50:10 | 000,562,353 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Rolf\Desktop\JRT.exe
[2013.07.26 21:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.26 21:31:52 | 000,000,000 | ---D | C] -- C:\Users\Rolf\Desktop\mbar-1.06.0.1004
[2013.07.26 19:57:45 | 000,000,000 | ---D | C] -- C:\FRST
[2013.07.26 19:55:55 | 001,220,112 | ---- | C] (Farbar) -- C:\Users\Rolf\Desktop\FRST.exe
[2013.07.26 19:18:03 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.07.14 08:38:02 | 000,000,000 | ---D | C] -- C:\Users\Rolf\AppData\Roaming\RealNetworks
[2013.07.14 08:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013.07.14 08:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013.07.14 08:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013.07.14 08:36:55 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013.07.14 08:36:39 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013.07.14 08:36:39 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013.07.14 08:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013.07.10 22:59:57 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.07.10 22:59:56 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.07.10 22:59:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.07.10 22:59:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.07.10 22:59:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.07.10 22:59:55 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.07.10 22:59:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.07.10 22:59:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.07.10 21:49:59 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.07.10 21:49:45 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.07.10 21:49:45 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.07.10 21:49:45 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.07.10 21:49:45 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.07.10 21:49:44 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.07.10 21:49:44 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.07.10 21:49:44 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.07.10 21:49:44 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.07.10 21:49:43 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013.07.10 21:49:43 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013.07.02 21:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009.11.28 16:12:59 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe3ACE.dll

========== Files - Modified Within 30 Days ==========

[2013.07.29 18:30:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rolf\Desktop\OTL.exe
[2013.07.29 18:21:32 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.29 18:21:27 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.29 18:21:27 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.29 18:21:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.29 18:21:16 | 3219,611,648 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.29 18:19:57 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.07.29 18:19:05 | 000,000,104 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.07.29 18:14:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.29 17:51:12 | 000,666,633 | ---- | M] () -- C:\Users\Rolf\Desktop\adwcleaner.exe
[2013.07.29 17:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.29 17:50:10 | 000,562,353 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Rolf\Desktop\JRT.exe
[2013.07.29 17:48:26 | 010,648,480 | R--- | M] () -- C:\Users\Rolf\Documents\Meine Finanzen Sicherungskopie070507.mbf
[2013.07.26 20:56:22 | 013,399,154 | ---- | M] () -- C:\Users\Rolf\Desktop\mbar-1.06.0.1004.zip
[2013.07.26 20:52:07 | 000,377,856 | ---- | M] () -- C:\Users\Rolf\Desktop\gmer_2.1.19163.exe
[2013.07.26 20:49:03 | 000,332,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.07.26 20:24:03 | 000,001,356 | ---- | M] () -- C:\Users\Rolf\AppData\Local\d3d9caps.dat
[2013.07.26 19:55:56 | 001,220,112 | ---- | M] (Farbar) -- C:\Users\Rolf\Desktop\FRST.exe
[2013.07.14 08:37:30 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013.07.14 08:36:55 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013.07.14 08:36:39 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013.07.14 08:36:39 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013.07.14 08:36:38 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013.07.14 08:27:39 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.07.10 23:07:25 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.10 23:07:25 | 000,596,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.10 23:07:25 | 000,126,292 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.10 23:07:25 | 000,104,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2013.07.29 18:17:55 | 000,000,104 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.07.29 17:51:11 | 000,666,633 | ---- | C] () -- C:\Users\Rolf\Desktop\adwcleaner.exe
[2013.07.26 20:58:46 | 000,002,265 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk
[2013.07.26 20:58:46 | 000,001,913 | ---- | C] ()
-- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.07.26 20:58:46 | 000,001,910 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2013.07.26 20:58:46 | 000,001,159 | ---- | C] () -- C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2013.07.26 20:58:46 | 000,001,033 | ---- | C] () -- C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk [2013.07.26 20:58:46 | 000,000,941 | ---- | C] () -- C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk [2013.07.26 20:58:46 | 000,000,851 | ---- | C] () -- C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk [2013.07.26 20:56:09 | 013,399,154 | ---- | C] () -- C:\Users\Rolf\Desktop\mbar-1.06.0.1004.zip [2013.07.26 20:52:07 | 000,377,856 | ---- | C] () -- C:\Users\Rolf\Desktop\gmer_2.1.19163.exe [2013.07.26 20:48:49 | 3219,611,648 | -HS- | C] () -- C:\hiberfil.sys [2013.07.14 08:37:30 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2012.09.11 08:19:02 | 001,053,848 | ---- | C] () -- C:\Windows\System32\ieconfig_1und1_svc.exe [2012.01.07 18:12:27 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2012.01.07 18:12:27 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2012.01.07 18:12:27 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2012.01.07 18:12:27 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2012.01.07 18:12:27 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2012.01.07 18:12:27 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2012.01.07 18:12:27 | 000,001,107 | ---- | C] () -- 
C:\Windows\System32\EPPICPresetData_GE.dat [2012.01.07 18:12:27 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2012.01.07 18:12:27 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2012.01.07 18:12:26 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2012.01.07 18:12:26 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2012.01.07 18:12:26 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2012.01.07 18:12:26 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2012.01.07 18:12:26 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2012.01.07 18:12:26 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2012.01.07 18:12:26 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2012.01.07 18:12:26 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2012.01.07 18:12:26 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2012.01.07 18:12:26 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010.06.04 21:14:49 | 000,001,356 | ---- | C] () -- C:\Users\Rolf\AppData\Local\d3d9caps.dat [2009.08.30 12:22:35 | 000,000,054 | ---- | C] () -- C:\Users\Rolf\AppData\Roaming\wklnhst.dat [2008.10.28 22:55:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.10.19 12:58:48 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Falk Navi-Manager.msi [2007.10.07 18:36:02 | 000,023,888 | ---- | C] () -- C:\Users\Rolf\AppData\Roaming\UserTile.png [2007.09.23 23:33:19 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.07.21 20:13:34 | 000,050,176 | ---- | C] () -- C:\Users\Rolf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >