|
Plagegeister aller Art und deren Bekämpfung: Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen TabWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
02.10.2013, 17:15 | #1 |
| Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab Hallo, gestern Abend wollte ich mir das Fußballspiel Dortmund : Marseille anschauen. Der Livestream startete nicht sofort... man mußte zunächst ein Programm installieren. Das habe ich getan und das war wohl ein Fehler Wenn ich nun in Firefox einen neuen Tab öffne, erscheint immer die folgende Seite: hxxp://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx --> komisch... das "hxxp://" sehe ich jetzt erst, wo ich den Link hier rein kopiert habe ;-) Ich habe zwar hier im Forum schon darüber gelesen, aber auch, dass man besser nichts alleine unternehmen soll. Leider habe ich das zu spät gelesen und habe schon ein paar Dinge durchgeführt. Auch habe ich schon mal die entsprechende Toolbar deinstalliert. Hier die durchgeführten Codes: 1) ADW-Cleaner: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.006 - Bericht erstellt am 01/10/2013 um 21:35:06 # Updated 01/10/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Ingo - INGOS-LAPTOP # Gestartet von : C:\Users\Ingo\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\apn Ordner Gelöscht : C:\Program Files (x86)\Conduit Ordner Gelöscht : C:\Program Files (x86)\HDvidCodec.com Ordner Gelöscht : C:\Program Files (x86)\IminentToolbar Ordner Gelöscht : C:\Program Files (x86)\Mein Gutscheincode Finder Ordner Gelöscht : C:\Program Files (x86)\Plus-HD-2.2 [x] Nicht Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Program Files (x86)\Common Files\Umbrella Ordner Gelöscht : C:\Users\Ingo\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\Ingo\AppData\Local\Temp\apn Ordner Gelöscht : C:\Users\Ingo\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\Ingo\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Ingo\AppData\LocalLow\pdfforge Ordner Gelöscht : C:\Users\Ingo\AppData\LocalLow\PriceGong [x] Nicht Gelöscht : C:\Users\Ingo\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Temp\boost_interprocess Ordner Gelöscht : C:\Users\Gast\AppData\Local\Temp\boost_interprocess Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\pdfforge Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Search Settings Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\softonic-de3 Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\e52n97zr.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07} Ordner Gelöscht : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\lo97a2qd.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} Ordner Gelöscht : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\lo97a2qd.default\Extensions\{C50CA3C4-5656-43C2-A061-13E717F73FC8} Ordner Gelöscht : C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk Datei Gelöscht : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\foxydeal.sqlite Datei Gelöscht : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\searchplugins\Askcom.xml Datei Gelöscht : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\searchplugins\ask-search.xml Datei Gelöscht : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\lo97a2qd.default\searchplugins\Babylon.xml Datei Gelöscht : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\searchplugins\Babylon.xml Datei Gelöscht : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\searchplugins\Conduit.xml Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\e52n97zr.default\searchplugins\icqplugin.xml Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\e52n97zr.default\searchplugins\icqplugin-1.xml Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\e52n97zr.default\searchplugins\icqplugin-2.xml Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\e52n97zr.default\searchplugins\icqplugin-3.xml Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\e52n97zr.default\searchplugins\icqplugin-4.xml Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\e52n97zr.default\searchplugins\icqplugin-5.xml Datei Gelöscht : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\searchplugins\iminent.xml Datei Gelöscht : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\lo97a2qd.default\user.js Datei Gelöscht : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\user.js Datei Gelöscht : C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job Datei Gelöscht : C:\Windows\System32\Tasks\Plus-HD-2.2-chromeinstaller Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job Datei Gelöscht : C:\Windows\System32\Tasks\Plus-HD-2.2-codedownloader Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.2-enabler.job Datei Gelöscht : C:\Windows\System32\Tasks\Plus-HD-2.2-enabler Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job Datei Gelöscht : C:\Windows\System32\Tasks\Plus-HD-2.2-firefoxinstaller Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.2-updater.job Datei Gelöscht : C:\Windows\System32\Tasks\Plus-HD-2.2-updater ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader94947_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader94947_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_artweaver-plus_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_artweaver-plus_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-cd-ripper_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-cd-ripper_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_phpmyadmin_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_phpmyadmin_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_radiojack_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_radiojack_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_slimdrivers_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_slimdrivers_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796} Schlüssel Gelöscht : HKCU\Software\1ClickDownload Schlüssel Gelöscht : HKCU\Software\APN PIP Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Plus-HD-2.2 Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\PIP Schlüssel Gelöscht : HKLM\Software\TENCENT Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16686 -\\ Mozilla Firefox v24.0 (de) [ Datei : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\eok8o42u.Websitebaker\prefs.js ] [ Datei : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\l3vxubqb.WB\prefs.js ] [ Datei : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\lo97a2qd.default\prefs.js ] Zeile gelöscht : user_pref("pttl.menu-search-groups-tab", false); Zeile gelöscht : user_pref("pttl.menu-search-groups-win", false); Zeile gelöscht : user_pref("quickstores.toolbar.affid", "2003"); Zeile gelöscht : user_pref("quickstores.toolbar.guid", "{C88C2B10-BAB9-A4D8-68D5-6ACB9CA5A605}"); [ Datei : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\prefs.js ] Zeile gelöscht : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Zeile gelöscht : user_pref("CT2431245.CTID", "CT2431245"); Zeile gelöscht : user_pref("CT2431245.CurrentServerDate", "24-9-2010"); Zeile gelöscht : user_pref("CT2431245.DialogsAlignMode", "LTR"); Zeile gelöscht : user_pref("CT2431245.DownloadReferralCookieData", ""); Zeile gelöscht : user_pref("CT2431245.EMailNotifierPollDate", "Fri Sep 24 2010 20:20:08 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedLastCount129009402595187825", 496); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634014180506963", "Fri Sep 24 2010 20:20:11 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634014269327586", "Fri Sep 24 2010 20:20:09 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634014329599698", "Fri Sep 24 2010 20:20:09 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634014537505092", "Fri Sep 24 2010 20:20:09 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634014970726540", "Fri Sep 24 2010 20:20:09 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634015410831318", "Fri Sep 24 2010 20:20:11 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634015483395460", "Fri Sep 24 2010 20:20:10 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634015636754705", "Fri Sep 24 2010 20:20:10 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634015768347545", "Fri Sep 24 2010 20:20:10 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634015855543602", "Fri Sep 24 2010 20:20:09 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016030710453", "Fri Sep 24 2010 20:20:09 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016114705611", "Fri Sep 24 2010 20:20:11 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016129205152", "Fri Sep 24 2010 20:20:11 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016143724791", "Fri Sep 24 2010 20:20:11 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016271239162", "Fri Sep 24 2010 20:20:11 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016568520719", "Fri Sep 24 2010 20:20:10 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016726993788", "Fri Sep 24 2010 20:20:09 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017109031809", "Fri Sep 24 2010 20:20:10 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017132743740", "Fri Sep 24 2010 20:20:10 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017299547668", "Fri Sep 24 2010 20:20:11 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017302327846", "Fri Sep 24 2010 20:20:10 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017344111490", "Fri Sep 24 2010 20:20:09 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017478360748", "Fri Sep 24 2010 20:20:12 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017732797593", "Fri Sep 24 2010 20:20:09 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017821686064", "Fri Sep 24 2010 20:20:11 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634018090228721", "Fri Sep 24 2010 20:20:11 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.FeedTTL7470634014269327586", 5); Zeile gelöscht : user_pref("CT2431245.FeedTTL7470634014537505092", 5); Zeile gelöscht : user_pref("CT2431245.FeedTTL7470634014970726540", 2); Zeile gelöscht : user_pref("CT2431245.FeedTTL7470634015636754705", 5); Zeile gelöscht : user_pref("CT2431245.FeedTTL7470634016568520719", 30); Zeile gelöscht : user_pref("CT2431245.FirstServerDate", "24-9-2010"); Zeile gelöscht : user_pref("CT2431245.FirstTime", true); Zeile gelöscht : user_pref("CT2431245.FirstTimeFF3", true); Zeile gelöscht : user_pref("CT2431245.FirstTimeSettingsDone", true); Zeile gelöscht : user_pref("CT2431245.FixPageNotFoundErrors", true); Zeile gelöscht : user_pref("CT2431245.GroupingServerCheckInterval", 1440); Zeile gelöscht : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Zeile gelöscht : user_pref("CT2431245.Initialize", true); Zeile gelöscht : user_pref("CT2431245.InitializeCommonPrefs", true); Zeile gelöscht : user_pref("CT2431245.InstallationAndCookieDataSentCount", 1); Zeile gelöscht : user_pref("CT2431245.InstallationType", "UnknownIntegration"); Zeile gelöscht : user_pref("CT2431245.InstalledDate", "Fri Sep 24 2010 20:20:08 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.InvalidateCache", false); Zeile gelöscht : user_pref("CT2431245.IsGrouping", false); Zeile gelöscht : user_pref("CT2431245.IsMulticommunity", false); Zeile gelöscht : user_pref("CT2431245.IsOpenThankYouPage", false); Zeile gelöscht : user_pref("CT2431245.IsOpenUninstallPage", true); Zeile gelöscht : user_pref("CT2431245.LanguagePackLastCheckTime", "Fri Sep 24 2010 20:20:10 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440); Zeile gelöscht : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx"); Zeile gelöscht : user_pref("CT2431245.LastLogin_2.7.1.3", "Fri Sep 24 2010 20:20:10 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.LatestVersion", "2.7.2.0"); Zeile gelöscht : user_pref("CT2431245.Locale", "de-de"); Zeile gelöscht : user_pref("CT2431245.LoginCache", 4); Zeile gelöscht : user_pref("CT2431245.MCDetectTooltipHeight", "83"); Zeile gelöscht : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Zeile gelöscht : user_pref("CT2431245.MCDetectTooltipWidth", "295"); Zeile gelöscht : user_pref("CT2431245.RadioIsPodcast", false); Zeile gelöscht : user_pref("CT2431245.RadioLastCheckTime", "Fri Sep 24 2010 20:20:11 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.RadioLastUpdateIPServer", "3"); Zeile gelöscht : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000"); Zeile gelöscht : user_pref("CT2431245.RadioMediaID", "20503672"); Zeile gelöscht : user_pref("CT2431245.RadioMediaType", "Media Player"); Zeile gelöscht : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672"); Zeile gelöscht : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland"); Zeile gelöscht : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u"); Zeile gelöscht : user_pref("CT2431245.SavedHomepage", "hxxp://www.google.de/ig?hl=de&source=iglk"); Zeile gelöscht : user_pref("CT2431245.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2431245&octid=EB_ORIGINAL_CTID&SearchSource=1"); Zeile gelöscht : user_pref("CT2431245.SearchFromAddressBarIsInit", true); Zeile gelöscht : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q="); Zeile gelöscht : user_pref("CT2431245.SearchInNewTabEnabled", true); Zeile gelöscht : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440); Zeile gelöscht : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Fri Sep 24 2010 20:20:10 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"); Zeile gelöscht : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID"); Zeile gelöscht : user_pref("CT2431245.SettingsCheckIntervalMin", 120); Zeile gelöscht : user_pref("CT2431245.SettingsLastCheckTime", "Fri Sep 24 2010 20:20:07 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.SettingsLastUpdate", "1284303435"); Zeile gelöscht : user_pref("CT2431245.ThirdPartyComponentsInterval", 504); Zeile gelöscht : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Fri Sep 24 2010 20:20:06 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1255348257"); Zeile gelöscht : user_pref("CT2431245.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112"); Zeile gelöscht : user_pref("CT2431245.UserID", "UN63168868325081721"); Zeile gelöscht : user_pref("CT2431245.WeatherNetwork", ""); Zeile gelöscht : user_pref("CT2431245.WeatherPollDate", "Fri Sep 24 2010 20:20:10 GMT+0200"); Zeile gelöscht : user_pref("CT2431245.WeatherUnit", "C"); Zeile gelöscht : user_pref("CT2431245.alertChannelId", "825452"); Zeile gelöscht : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E"); Zeile gelöscht : user_pref("CT2431245.clientLogIsEnabled", false); Zeile gelöscht : user_pref("CT2431245.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); Zeile gelöscht : user_pref("CT2431245.myStuffEnabled", true); Zeile gelöscht : user_pref("CT2431245.myStuffPublihserMinWidth", 400); Zeile gelöscht : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"); Zeile gelöscht : user_pref("CT2431245.myStuffServiceIntervalMM", 1440); Zeile gelöscht : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT"); Zeile gelöscht : user_pref("CT2431245.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"803651ba7facb1:0\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000"); Zeile gelöscht : user_pref("CommunityToolbar.EngineHiddenByUser", true); Zeile gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine"); Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com"); Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine"); Zeile gelöscht : user_pref("CommunityToolbar.IsEngineShown", false); Zeile gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", ""); Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", ""); Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", ""); Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=slv5-ab-&p="); Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2431245"); Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2431245"); Zeile gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun May 01 2011 21:07:04 GMT+0200"); Zeile gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Zeile gelöscht : user_pref("CommunityToolbar.alert.locale", "en"); Zeile gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun May 01 2011 21:07:01 GMT+0200"); Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1303303927"); Zeile gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Zeile gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Zeile gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false); Zeile gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Zeile gelöscht : user_pref("CommunityToolbar.alert.userId", "0f96ce25-f01d-423e-8042-82fdc3aebda6"); Zeile gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Sep 24 2010 20:20:10 GMT+0200"); Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Zeile gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2431245"); Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "softonic-de3 Customized Web Search"); Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"); Zeile gelöscht : user_pref("extensions.toolbar@ask.com.install-event-fired", true); Zeile gelöscht : user_pref("extensions.toolbar_CME-V7@apn.ask.com.install-event-fired", true); Zeile gelöscht : user_pref("extensions.tweaktube.addit.remoteInstallItems", "{ \"software\": {\"13\": {\"id\": \"13\",\"title\": \"PriceGong\",\"type\": \"XPI\",\"url\": \"hxxps://www.softpublisher.com/downloads/price[...] Zeile gelöscht : user_pref("extensions.vshare@toolbar.update.enabled", false); Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...] Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*"); Zeile gelöscht : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}"); Zeile gelöscht : user_pref("pttl.menu-search-groups-tab", false); Zeile gelöscht : user_pref("pttl.menu-search-groups-win", false); Zeile gelöscht : user_pref("quickstores.toolbar.affid", "2003"); Zeile gelöscht : user_pref("quickstores.toolbar.guid", "{C88C2B10-BAB9-A4D8-68D5-6ACB9CA5A605}"); [ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\e52n97zr.default\prefs.js ] Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...] Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*"); Zeile gelöscht : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}"); Zeile gelöscht : user_pref("icqtoolbar.allowSendURL", false); Zeile gelöscht : user_pref("icqtoolbar.engineVerified", false); Zeile gelöscht : user_pref("icqtoolbar.geolastmodified", 1309511571); Zeile gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options"); Zeile gelöscht : user_pref("icqtoolbar.history", "bmw%20enduro||bmw%20motorrad%20cross||tr||eigene%20fritzbox%20webadresse||fritzbox%20seite%20webadresse||fritzbox%20seite%20%20webadresse||fritzbox%20seite%20adresse||[...] Zeile gelöscht : user_pref("icqtoolbar.icqgeo", 49); Zeile gelöscht : user_pref("icqtoolbar.installTime", "1309162272"); Zeile gelöscht : user_pref("icqtoolbar.installsource", "1"); Zeile gelöscht : user_pref("icqtoolbar.newtab_state", "1"); Zeile gelöscht : user_pref("icqtoolbar.numberOfSearches", 0); Zeile gelöscht : user_pref("icqtoolbar.previousFFVersion", "5.0"); Zeile gelöscht : user_pref("icqtoolbar.skip_default_search", "no"); Zeile gelöscht : user_pref("icqtoolbar.suggestions", false); Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "128905353312890534951294237825028"); Zeile gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1309511574); Zeile gelöscht : user_pref("icqtoolbar.version", "1.2.6"); Zeile gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0); Zeile gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0); Zeile gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0); Zeile gelöscht : user_pref("icqtoolbar.voucherWasShown", 0); Zeile gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false); Zeile gelöscht : user_pref("icqtoolbar.xmlLanguage", "de"); Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q="); -\\ Google Chrome v [ Datei : C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [33576 octets] - [01/10/2013 21:15:36] AdwCleaner[S0].txt - [32276 octets] - [01/10/2013 21:35:06] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [32337 octets] ########## 2. dds.txt DDS Logfile: Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.25.2 Run by Ingo at 22:38:09 on 2013-10-01 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4063.1967 [GMT 2:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\PROGRAM FILES\IDT\WDM\STACSV64.EXE C:\Windows\system32\AUDIODG.EXE C:\Windows\system32\svchost.exe -k NetworkService C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\Avast5\AvastSvc.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe C:\PROGRAM FILES\IDT\WDM\AESTSR64.EXE C:\Program Files (x86)\Backup Service Home 3\BSHService.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe F:\DHCP-Server\dhcpsrv.exe C:\PROGRAM FILES\INTEL\WIFI\BIN\EVTENG.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files (x86)\Avast5\AvastUI.exe C:\Windows\SysWOW64\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Windows\SysWOW64\NlsSrv32.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe D:\programme\maxdome\DCBin\DCService.exe C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\REGSRVC.EXE C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe D:\Programme\Secunia\PSI\PSIA.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\system32\SearchIndexer.exe D:\Programme\System Explorer\service\SystemExplorerService64.exe D:\Programme\Secunia\PSI\sua.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\explorer.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxps://www.google.de/ mWinlogon: Userinit = userinit.exe, BHO: {11111111-1111-1111-1111-110311301136} - <orphaned> BHO: {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - <orphaned> BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned> BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Avast5\aswWebRepIE.dll BHO: Windows Live Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - <orphaned> TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Avast5\aswWebRepIE.dll uRun: [clipdiary] D:\Programme\Clipdiary\clipdiary.exe uRun: [MWSnap] "C:\Program Files (x86)\MWSnap\MWSnap.exe" uRun: [DeskSave] D:\Programme\Desksave\DeskSave.exe uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" uRun: [PureSync] "C:\Program Files (x86)\PureSync\PureSyncTray.exe" uRun: [SystemExplorerAutoStart] "D:\Programme\System Explorer\SystemExplorer.exe" /TRAY mRun: [AdressLittle] D:\Programme\Adress Little 2.0\ageb.exe /geb mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe mRun: [avast] "C:\Program Files (x86)\Avast5\avastUI.exe" /nogui mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload StartupFolder: C:\Users\Ingo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PERSBA~1.LNK - D:\Programme\Personal Backup 5\Persbackup.exe StartupFolder: C:\Users\Ingo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SYSTEM~1\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE StartupFolder: C:\Users\Ingo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SYSTEM~1\SYSTEM~1.LNK - D:\Programme\System Explorer\SystemExplorer.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - D:\Programme\Secunia\PSI\psi_tray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 mPolicies-System: HideFastUserSwitching = dword:0 IE: add to &BOM - D:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta IE: An OneNote s&enden - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 IE: Free YouTube Download - C:\Users\Ingo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to Mp3 Converter - C:\Users\Ingo\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.178.1 TCP: Interfaces\{27B2EBF4-4FE1-4E15-85D3-A92B7F9110BF} : NameServer = 192.168.178.1 TCP: Interfaces\{F0DE66A5-7F08-4BB9-B55E-D34FE758B7CE} : DHCPNameServer = 192.168.178.1 TCP: Interfaces\{F0DE66A5-7F08-4BB9-B55E-D34FE758B7CE}\64259445A51224F6870273333303 : DHCPNameServer = 192.168.178.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll SEH: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Plus-HD-2.2: {11111111-1111-1111-1111-110311301136} - x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Avast5\aswWebRepIE64.dll x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-BHO: ExplorerWatcher Class: {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - d:\Programme\Clover\TabHelper64.dll x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Avast5\aswWebRepIE64.dll x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - component: C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll FF - component: C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\extensions\fb_add_on@avm.de\components\FB_AddOn.dll FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Ingo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll FF - plugin: C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - plugin: D:\Programme\Foxit Reader\plugins\npfoxitpdf.dll FF - plugin: D:\Programme\Foxit Reader\plugins\npFoxitReaderPlugin.dll . ============= SERVICES / DRIVERS =============== . R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-28 65336] R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-28 204880] R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-2-24 1030952] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-8-23 378944] R1 raddrvv3;raddrvv3;C:\Windows\SysWOW64\rserver30\raddrvv3.sys [2007-10-31 68632] R1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\System32\drivers\uim_vimx64.sys [2011-11-17 352816] R2 AAV UpdateService;AAV UpdateService;C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-8 89600] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-8-23 33400] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-8-23 80816] R2 avast! Antivirus;avast! Antivirus;C:\Program Files (x86)\Avast5\AvastSvc.exe [2013-10-1 46808] R2 Backup Service Home-Dienst;Backup Service Home-Dienst;C:\Program Files (x86)\Backup Service Home 3\BSHService.exe [2012-9-14 17920] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] R2 DHCPServer;DHCP Server;F:\DHCP-Server\dhcpsrv.exe [2011-11-21 106496] R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136] R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000] R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\System32\NlsSrv32.exe --> C:\Windows\System32\NlsSrv32.exe [?] R2 Prosieben;maxdome Download Manager;D:\Programme\maxdome\DCBin\DCService.exe [2009-5-1 77032] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-12 1153368] R2 Secunia PSI Agent;Secunia PSI Agent;D:\Programme\Secunia\PSI\PSIA.exe --start-service --> D:\Programme\Secunia\PSI\PSIA.exe --start-service [?] R2 Secunia Update Agent;Secunia Update Agent;D:\Programme\Secunia\PSI\sua.exe --start-service --> D:\Programme\Secunia\PSI\sua.exe --start-service [?] R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232] R3 mirrorv3;mirrorv3;C:\Windows\System32\drivers\rminiv3.sys [2007-8-17 5632] R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-8 533096] R3 SystemExplorerHelpService;System Explorer Service;D:\Programme\System Explorer\service\SystemExplorerService64.exe [2012-2-24 807896] S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848] S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864] S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;C:\Windows\System32\drivers\hcw95bda.sys [2012-3-22 658944] S3 hcw95rc;Hauppauge MOD7700 IR Driver;C:\Windows\System32\drivers\hcw95rc.sys [2012-3-22 19840] S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2013-3-5 327704] S3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2013-3-5 6379288] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240] S3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw1v64.sys [2009-10-15 7058432] S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392] S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368] S3 RServer3;Radmin Server V3;C:\Windows\SysWOW64\rserver30\rserver3.exe [2007-10-31 1246536] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-15 225280] S3 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-3-2 25504] S3 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-3-2 27584] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864] S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2011-9-8 15672] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-23 59392] S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-29 1255736] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120] . =============== File Associations =============== . FileExt: .txt: Applications\notepad++.exe="D:\Programme\Notepad++\notepad++.exe" "%1" [UserChoice] . =============== Created Last 30 ================ . 2013-10-01 19:54:50 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05FF8AE9-4E04-4A59-8895-29D28278704A}\offreg.dll 2013-10-01 19:14:50 -------- d-----w- C:\AdwCleaner 2013-10-01 18:09:52 -------- d-----w- C:\Program Files (x86)\HDvid Codec V1 2013-10-01 17:30:08 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2013-10-01 17:04:46 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05FF8AE9-4E04-4A59-8895-29D28278704A}\mpengine.dll 2013-09-11 18:22:48 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys 2013-09-11 18:19:59 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2013-09-11 18:17:44 3155456 ----a-w- C:\Windows\System32\win32k.sys . ==================== Find3M ==================== . 2013-10-01 17:29:44 973736 ----a-w- C:\Windows\System32\deployJava1.dll 2013-10-01 17:29:44 1095080 ----a-w- C:\Windows\System32\npDeployJava1.dll 2013-09-19 17:59:47 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-09-19 17:59:46 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-30 07:48:10 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2013-08-30 07:48:10 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2013-08-30 07:48:10 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2013-08-30 07:48:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2013-08-30 07:48:09 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2013-08-30 07:47:40 41664 ----a-w- C:\Windows\avastSS.scr 2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll 2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-08-07 02:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll 2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll 2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll 2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll 2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll 2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe 2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe 2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll 2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll 2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll 2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll 2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll 2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll 2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2010-07-21 22:35:56 703352 ----a-w- C:\Program Files (x86)\autoruns.exe . ============= FINISH: 22:38:59,15 =============== 3. Attach.txt Code:
ATTFilter . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 23.08.2010 19:02:43 System Uptime: 01.10.2013 21:37:34 (1 hours ago) . Motherboard: Hewlett-Packard | | 306C Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | CPU | 1188/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 125 GiB total, 51,636 GiB free. D: is FIXED (NTFS) - 88 GiB total, 78,121 GiB free. E: is CDROM () F: is FIXED (NTFS) - 20 GiB total, 6,969 GiB free. G: is FIXED (NTFS) - 37 GiB total, 11,365 GiB free. H: is FIXED (NTFS) - 15 GiB total, 7,923 GiB free. X: is FIXED (NTFS) - 13 GiB total, 2,129 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Cisco Systems VPN Adapter for 64-bit Windows Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter for 64-bit Windows PNP Device ID: ROOT\NET\0000 Service: CVirtA . ==== System Restore Points =================== . RP599: 11.09.2013 20:09:23 - Windows Update RP600: 11.09.2013 22:19:55 - Windows Update RP601: 12.09.2013 22:17:50 - Windows Update RP602: 13.09.2013 20:32:20 - Windows Update RP603: 14.09.2013 10:15:55 - Windows Update RP604: 18.09.2013 18:49:07 - Windows Update RP605: 24.09.2013 18:11:08 - Windows Update RP606: 01.10.2013 19:01:51 - Windows Update RP607: 01.10.2013 19:29:11 - Installed Java 7 Update 40 (64-bit) RP608: 01.10.2013 20:15:35 - Revo Uninstaller's restore point - ffdshow v1.2.4422 [2012-04-09] RP609: 01.10.2013 20:18:23 - Revo Uninstaller's restore point - Ask Toolbar RP610: 01.10.2013 20:20:19 - Revo Uninstaller's restore point - Iminent RP611: 01.10.2013 20:31:04 - Revo Uninstaller's restore point - Plus-HD-2.2 . ==== Installed Programs ====================== . 7-Zip 9.30 (x64 edition) AAVUpdateManager ACDSee 8 Adobe AIR Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Shockwave Player Adobe Shockwave Player 11.6 Adobe Shockwave Player 12.0 Adress Little 2.0 Any Video Converter 3.0.7 Apple Application Support Apple Software Update AquaSoft SnapTip Artweaver Free 3.0 Ashampoo Burning Studio 2013 v.11.0.5 aTube Catcher Audacity 2.0.3 avast! Free Antivirus Backup Service Home 3.4.4.1 Biet-O-Matic v2.14.6 Bing Bar Brother MFL-Pro Suite MFC-7840W Camtasia Studio 7 CanoScan Toolbox Ver4.9 CCleaner CDBurnerXP Cisco Systems VPN Client 5.0.07.0290 Classic Menu 3.x for Office 2007 Clipdiary 1.4 Clover 3.0 Compatibility Pack für 2007 Office System CPUID CPU-Z 1.58 CyberLink PowerDVD 9 CyberLink YouCam Debugging Tools for Windows Debugging Tools for Windows (x64) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Defraggler DivX-Setup DivX Author 1.5 ERUNT 1.1j EVEREST Corporate Edition v5.02 Exifer FileZilla Client 3.7.3 FormatFactory 2.60 Fotosizer 1.37 Foxit Reader Free CD Ripper V2.0 Free FLV Converter V 6.92.0 Free Video to JPG Converter version 5.0.21.1212 Free Word/Doc Txt to Image Jpg/Jpeg Bmp Tiff Png Converter 5.6 Free YouTube Download version 3.0.18.1123 Free YouTube to MP3 Converter version 3.8 FreePDF (Remove only) Garmin POI Loader Garmin USB Drivers Garmin WebUpdater GIMP 2.8.4 Glary Registry Repair 3.3.0.852 Google Chrome Google Earth Plug-in GPL Ghostscript 8.71 HDvid Codec V1 Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) HP Customer Experience Enhancements HP Wireless Assistant IDT Audio ImgBurn Intel PROSet Wireless Intel(R) PROSet/Wireless WiFi-Software IrfanView (remove only) Java 7 Update 25 Java 7 Update 40 (64-bit) Java Auto Updater Junk Mail filter update KaloMa 4.72 KeePass Password Safe 2.22 LAME v3.99.3 (for Windows) Logitech Webcam Software Logitech Webcam Software-Treiberpaket Malwarebytes Anti-Malware Version 1.75.0.1300 Manual CanoScan LiDE 35 maxdome Download Manager 4.1.300.78 MediaCoder x64 0.7.3.4685 MediaCoder x64 0.8.17 Mein Gutscheincode Finder 1.0.0.0 Meine Ausnahmen Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft .NET Framework 4 Extended Microsoft Application Compatibility Toolkit 5.6 Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 Microsoft Office Excel MUI (German) 2010 Microsoft Office Groove MUI (German) 2010 Microsoft Office InfoPath MUI (German) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (German) 2010 Microsoft Office Outlook MUI (German) 2010 Microsoft Office PowerPoint MUI (German) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Italian) 2010 Microsoft Office Proofing (German) 2010 Microsoft Office Publisher MUI (German) 2010 Microsoft Office Shared 64-bit MUI (German) 2010 Microsoft Office Shared MUI (German) 2010 Microsoft Office Word MUI (German) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server Compact 3.5 SP1 English Microsoft SQL Server Compact 3.5 SP1 x64 English Microsoft Sync Framework 2.0 Core Components (x64) ENU Microsoft Sync Framework 2.0 Core Components (x86) ENU Microsoft Sync Framework 2.0 Provider Services (x64) ENU Microsoft Sync Framework 2.0 Provider Services (x86) ENU Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 24.0 (x86 de) Mozilla Maintenance Service Mp3tag v2.55a MSVC80_x64_v2 MSVC80_x86_v2 MSVC90_x64 MSVC90_x86 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MWSnap 3 No23 Recorder Notepad++ NVIDIA 3D Vision Controller Driver NVIDIA 3D Vision Controller Driver 270.61 NVIDIA Grafiktreiber 270.61 NVIDIA HD-Audiotreiber 1.2.22.1 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX-Systemsoftware 9.10.0514 NVIDIA Systemsteuerung 270.61 NVIDIA Update 1.1.34 NVIDIA Update Components O&O SafeErase Paragon Backup & Recovery™ 2012 Free PC Connectivity Solution PDFCreator Personal Backup 5.4 PhotoFiltre 7 Power2Go PowerDirector Prism Videodatei-Konverter PureSync PureSync 3.7.6 PVSonyDll QuickConvert Video QuickTime Radmin Server 3.1 Radmin Viewer 3.4 Realtek Ethernet Controller Driver Realtek USB 2.0 Card Reader REAPER (x64) Recovery Manager Recuva RedMon - Redirection Port Monitor Revo Uninstaller 1.92 Samsung AllShare Scribus 1.4.1 Secunia PSI (2.0.0.3001) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Excel 2010 (KB2760597) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760769) 32-Bit Edition Serif PagePlus 11 Serif PagePlus 11 - Installer Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) SIW version 2011.10.29 Skype™ 5.10 SlimDrivers SopCast 3.5.0 SpeedCommander 13 (x64) Spybot - Search & Destroy Steuer-Spar-Erklärung 2012 Steuer-Spar-Erklärung 2013 SuperMailer 5.71 swMSM Synaptics Pointing Device Driver System Explorer 3.9.0 System Requirements Lab for Intel tango solo TeraCopy 2.27 Ulead PhotoImpact 12 UltraSearch V1.7.1 Uninstall 1.0.0.1 Unlocker 1.9.0-x64 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition VC80CRTRedist - 8.0.50727.4053 VideoPad Video Editor Visual C++ 9.0 CRT (x86) WinSXS MSM VLC media player 2.1.0 Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows 7 Upgrade Advisor Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Windows Live-Uploadtool Windows Live Anmelde-Assistent Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Sync Windows Live Writer Windows Media Player Firefox Plugin Winmail Opener 1.4 WinMend Folder Hidden 1.4.1 Wise Registry Cleaner Free 5.72 WOW Slider XAMPP 1.7.7 Xenu's Link Sleuth Yahoo! Messenger YAMAHA Musicsoft Downloader 5 . ==== End Of File =========================== Wenn ich nun einen neuen TAB öffne, erscheint immer noch die o.g. Seite... allerdings nicht mehr mit den kompletten Inhalten. Was muss ich nun tun? Danke und schöne Grüße, imebro |
02.10.2013, 18:40 | #2 |
/// the machine /// TB-Ausbilder | Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab hi,
__________________Downloade Dir bitte Malwarebytes Anti-Malware
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
02.10.2013, 21:40 | #3 |
| Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab Hallo und danke für Deine Hilfe.
__________________Hier schon mal das erste LOG von Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.10.01.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16686 Ingo :: INGOS-LAPTOP [Administrator] 02.10.2013 20:14:58 mbam-log-2013-10-02 (20-14-58).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 276443 Laufzeit: 8 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKLM\SOFTWARE\Google\Chrome\Extensions\dnllcmllkjofnojidnaknldfehfhehoo (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: 233476790368182545563276623017112349037 -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 2 C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0 (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 14 C:\Windows\Installer\4ca3a5.msi (PUP.Optional.Iminent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\appCntrl.js (PUP.Optional.Iminent.A) -> Löschen bei Neustart. C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\bg.html (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\bg.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\CrmAdpt.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\ct.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\CTB.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\dpk.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\hprtkMsg.htm (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\hprtkMsg.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\json2.min.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\logo.png (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\manifest.json (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\pref.json (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.3 (09.27.2013:1) OS: Windows 7 Home Premium x64 Ran by Ingo on 02.10.2013 at 21:36:30,68 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{438C9553-B864-4C13-B737-F09D7BCD6F05} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{525A2FD5-8D69-439B-A5EB-CE645A2BA753} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59EF587E-2401-4364-A826-473F98A0EA1F} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB1653C3-F899-43FB-9D39-3B88CB26FF50} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311301136} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311301136} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealio_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealio_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealio_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealio_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311301136} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BBE81E03-745C-4281-ACAD-C00843D294FC} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Ingo\AppData\Roaming\dvdvideosoftiehelpers" ~~~ FireFox Successfully deleted: [File] C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\hdvc3@hdvidcodec.com.xpi Successfully deleted the following from C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\prefs.js user_pref("browser.newtab.url", "hxxp://start.iminent.com/?ref=NewTab&appId=D7423D57-9F3A-4336-9F6B-4E2354318E2E"); user_pref("extensions.customizegoogle.cookies.SafeSearch", "empty"); user_pref("extensions.customizegoogle.cookies.enableSafeSearch", false); user_pref("extensions.ffxtlbr@iminent.com.install-event-fired", true); user_pref("extensions.iminent.admin", false); user_pref("extensions.iminent.aflt", "orgnl"); user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}"); user_pref("extensions.iminent.autoRvrt", "false"); user_pref("extensions.iminent.dfltLng", ""); user_pref("extensions.iminent.excTlbr", false); user_pref("extensions.iminent.ffxUnstlRst", false); user_pref("extensions.iminent.id", "2486214f0000000000000026c717d371"); user_pref("extensions.iminent.instlDay", "15979"); user_pref("extensions.iminent.instlRef", ""); user_pref("extensions.iminent.newTab", false); user_pref("extensions.iminent.prdct", "iminent"); user_pref("extensions.iminent.prtnrId", "iminent"); user_pref("extensions.iminent.rvrt", "false"); user_pref("extensions.iminent.smplGrp", "none"); user_pref("extensions.iminent.tlbrId", "base"); user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q="); user_pref("extensions.iminent.vrsn", "1.8.25.0"); user_pref("extensions.iminent.vrsnTs", "1.8.25.020:12:06"); user_pref("extensions.iminent.vrsni", "1.8.25.0"); user_pref("extensions.webbooster@iminent.com.install-event-fired", true); user_pref("foxlingo.excite", false); user_pref("foxlingo.ixquickdefaultlang", "deutsch"); user_pref("iminent.LayoutId", "1"); user_pref("iminent.ShowThankyouPixel", "0"); user_pref("iminent.registerToolbarEvent109", "1380651194369"); user_pref("iminent.registerToolbarEvent111", "1380651194453"); user_pref("iminent.registerToolbarEvent112", "1380651224278"); user_pref("iminent.registerToolbarEvent122", "1380651194466"); user_pref("iminent.version", "7.36.1.1"); user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.36.1.1\",\"InstallEventCTime\":1380651141833,\"InstallEvent\":\"True\"}"); user_pref("tweaktube.pref.cacheInfo", "({'hxxp://wedata.net/databases/AutoPagerize/items.json':{url:\"hxxp://wedata.net/databases/AutoPagerize/items.json\", expire:(new Date(1 Emptied folder: C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\minidumps [143 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 02.10.2013 at 21:49:11,91 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Und hier das FRST-LOG: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013 Ran by Ingo (administrator) on INGOS-LAPTOP on 02-10-2013 22:51:22 Running from C:\Users\Ingo\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (IDT, Inc.) C:\PROGRAM FILES\IDT\WDM\STACSV64.EXE (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (NVIDIA Corporation) C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (AVAST Software) C:\Program Files (x86)\Avast5\AvastSvc.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (Andrea Electronics Corporation) C:\PROGRAM FILES\IDT\WDM\AESTSR64.EXE (Alexander Seeliger Software) C:\Program Files (x86)\Backup Service Home 3\BSHService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Uwe A. Ruttkamp) F:\DHCP-Server\dhcpsrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel(R) Corporation) C:\PROGRAM FILES\INTEL\WIFI\BIN\EVTENG.EXE (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (JAM Software) d:\Programme\UltraSearch\UltraSearch.exe (Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NlsSrv32.exe (Entriq, Inc.) D:\programme\maxdome\DCBin\DCService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE () D:\Programme\Clipdiary\ClipDiary.exe (Mirek Wojtowicz) C:\Program Files (x86)\MWSnap\MWSnap.exe (Intel(R) Corporation) C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\REGSRVC.EXE () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () D:\Programme\Desksave\DeskSave.exe (Secunia) D:\Programme\Secunia\PSI\PSIA.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Jumping Bytes) C:\Program Files (x86)\PureSync\PureSyncTray.exe (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Mister Group) D:\Programme\System Explorer\SystemExplorer.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Secunia) D:\Programme\Secunia\PSI\psi_tray.exe (AVAST Software) C:\Program Files (x86)\Avast5\AvastUI.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Mister Group) D:\Programme\System Explorer\service\SystemExplorerService64.exe (Secunia) D:\Programme\Secunia\PSI\sua.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2000-01-01] (IDT, Inc.) HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation) HKCU\...\Run: [clipdiary] - D:\Programme\Clipdiary\clipdiary.exe [208896 2007-05-22] () HKCU\...\Run: [MWSnap] - C:\Program Files (x86)\MWSnap\MWSnap.exe [427008 2002-07-06] (Mirek Wojtowicz) HKCU\...\Run: [DeskSave] - D:\Programme\Desksave\DeskSave.exe [82944 2008-07-26] () HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKCU\...\Run: [PureSync] - C:\Program Files (x86)\PureSync\PureSyncTray.exe [907808 2013-04-29] (Jumping Bytes) HKCU\...\Run: [SystemExplorerAutoStart] - D:\Programme\System Explorer\SystemExplorer.exe [2610648 2012-06-18] (Mister Group) HKCU\...\Policies\system: [DisableLockWorkstation] 0 HKCU\...\Policies\system: [DisableChangePassword] 0 HKLM-x32\...\Run: [AdressLittle] - D:\Programme\Adress Little 2.0\ageb.exe [65536 2009-03-13] (Joachim Stroemer) HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company) HKLM-x32\...\Run: [avast] - C:\Program Files (x86)\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl) HKU\Administrator\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden HKU\Administrator\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW HKU\Administrator\...\Run: [clipdiary] - D:\Programme\Clipdiary\clipdiary.exe [208896 2007-05-22] () HKU\Administrator\...\Run: [DriverMax] - [x] HKU\Administrator\...\Run: [DriverMax_RESTART] - [x] HKU\Administrator\...\Run: [PC Suite Tray] - "D:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray HKU\Administrator\...\Run: [phonostarTimer] - D:\Programme\phonostar-Player\phonostarTimer.exe HKU\Administrator\...\Policies\system: [DisableLockWorkstation] 0 HKU\Administrator\...\Policies\system: [DisableChangePassword] 0 HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden HKU\Gast\...\Run: [PC Suite Tray] - "D:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray HKU\Gast\...\Run: [SpywareTerminatorUpdate] - "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" HKU\Gast\...\Run: [ICQ] - C:\Users\Gast\AppData\Roaming\ICQ\Application\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.) HKU\Gast\...\Policies\system: [DisableLockWorkstation] 0 HKU\Gast\...\Policies\system: [DisableChangePassword] 0 Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk ShortcutTarget: Persbackup.lnk -> D:\Programme\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel) Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQNOT/4 SearchScopes: HKLM - DefaultScope {D4F58562-A3C4-48B7-AE7B-98467EA87900} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {D4F58562-A3C4-48B7-AE7B-98467EA87900} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox SearchScopes: HKCU - {BA3E27DB-425D-4E00-AD57-83689D8ECADD} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} BHO: Plus-HD-2.2 - {11111111-1111-1111-1111-110311301136} - C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho64.dll No File BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Avast5\aswWebRepIE64.dll (AVAST Software) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ExplorerWatcher Class - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - d:\Programme\Clover\TabHelper64.dll (EJIE Technology) BHO-x32: No Name - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No File BHO-x32: No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Avast5\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - No File Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Avast5\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Avast5\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: HKLM-x32 {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52272 2009-11-07] (EasyBits Software Corp.) ShellExecuteHooks-x32: - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ] Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{27B2EBF4-4FE1-4E15-85D3-A92B7F9110BF}: [NameServer]192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", ""); FF SearchEngineOrder.1: Ask Search FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", ""); FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.1 - D:\Programme\VLC-Player\npvlc.dll No File FF Plugin: @videolan.org/vlc,version=2.1.0-git-20120125-2155 - D:\Programme\VLC-Player\npvlc.dll No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll No File FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - D:\Programme\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - D:\Programme\VLC-Player\npvlc.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ingo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ingo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Deutsches Wörterbuch, erweitert für Österreich - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\de-AT@dictionaries.addons.mozilla.org FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\de-DE@dictionaries.addons.mozilla(2).org FF Extension: Deutsches Wörterbuch - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\de-DE@dictionaries.addons.mozilla.org FF Extension: Fast Translation - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\fasttrans@kemot FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\fb_add_on@avm.de FF Extension: FlashFirebug - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\flashfirebug@o-minds.com FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\ich@maltegoetz.de FF Extension: Open Image In New Tab - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\imagetab@next.gen.nz FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\linkalert.conlan@addons.mozilla.com FF Extension: New Tab Button on Tab Right - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{05BF52F6-A4F9-48B9-84ED-F8D83762E619}(2) FF Extension: Garmin Communicator - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} FF Extension: Metal Lion - iCe - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{1AFC82C3-0154-4b09-878B-D68500EFBE76}(2) FF Extension: PDF Download - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} FF Extension: Html Validator - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} FF Extension: Modern Modoki - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{4a428302-5267-4749-bb22-459b3236695f}(2) FF Extension: Walnut for Firefox - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2) FF Extension: ColorZilla - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} FF Extension: Modern Aluminum - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{835A3F80-DF39-11D9-A0B5-000D0B3AEB26}(2) FF Extension: BugMeNot - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42} FF Extension: DownloadHelper - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: DownloadHelper - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2) FF Extension: Whitehart - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}(2) FF Extension: Fox!Box - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8} FF Extension: Print - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{f199da35-0a9a-4ce9-8f59-c68524deba93} FF Extension: aeroimproved - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\aeroimproved@rsjtdrjgfuzkfg.com.xpi FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\Extensions.001 FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\Extensions.rdf FF Extension: firebug - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\firebug@software.joehewitt.com.xpi FF Extension: firebug - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\firebug@tools.sitepoint.com.xpi FF Extension: FirePHPExtension-Build - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\FirePHPExtension-Build@firephp.org.xpi FF Extension: guiconfig - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\guiconfig@slosd.net.xpi FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\installed-extensions.txt FF Extension: langpack-de - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\langpack-de@firefox.mozilla.org.xpi FF Extension: newtaburl - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\newtaburl@sogame.cat.xpi FF Extension: nosquint - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\nosquint@urandom.ca.xpi FF Extension: sroussey - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\sroussey@illumination-for-developers.com.xpi FF Extension: youtube2mp3 - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\youtube2mp3@mondayx.de.xpi FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}.xpi FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM-x32\...\Firefox\Extensions: [PHPEditXdebugExtension@waterproof.fr] - C:\Program Files\PHPEdit\Tools\FirefoxExtension\unpacked FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files (x86)\Avast5\WebRep\FF FF Extension: avast! Online Security - C:\Program Files (x86)\Avast5\WebRep\FF FF HKCU\...\Firefox\Extensions: [finder@meingutscheincode.de] - C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox FF HKCU\...\Firefox\Extensions: [PHPEditXdebugExtension@waterproof.fr] - C:\Program Files\PHPEdit\Tools\FirefoxExtension\unpacked Chrome: ======= CHR Extension: (PHP Docs) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aofkhphjhkanpddmfmbckdlcajhnehlf\1.3_0 CHR Extension: (Web Developer) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.1_0 CHR Extension: (YouTube) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Firebug Lite for Google Chrome\u2122) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0 CHR Extension: (Adblock Plus (Beta)) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0 CHR Extension: (Google Search) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: (Session Buddy) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\2.1.3_0 CHR Extension: (FTP Free) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdgcfaoankkonoiichmblcfijkomfbn\2.5_0 CHR Extension: (avast! WebRep) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0 CHR Extension: (New Tab Redirect!) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.5_0 CHR Extension: (Mein Gutscheincode Finder) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo\1.0.2_0 CHR Extension: (Popup HTML Editor) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjpagcblmlakmpcihopmpfknakkimjdh\0.2_0 CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0 CHR Extension: (Stylebot) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaejidbmkiecgbjeifoejpgmdaleoha\1.7.3.1_0 CHR Extension: (Gmail) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [jgfpelakfkbbkkdchaaaknckhoadkcbo] - C:\Program Files (x86)\Mein Gutscheincode Finder\Chrome\chrome-extension.crx CHR StartMenuInternet: Google Chrome - C:\Users\Ingo\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 avast! Antivirus; C:\Program Files (x86)\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software) R2 Backup Service Home-Dienst; C:\Program Files (x86)\Backup Service Home 3\BSHService.exe [17920 2012-02-15] (Alexander Seeliger Software) R2 DHCPServer; F:\DHCP-Server\dhcpsrv.exe [106496 2011-12-17] (Uwe A. Ruttkamp) S3 MyWiFiDHCPDNS; C:\PROGRAM FILES\INTEL\WIFI\BIN\PANDHCPDNS.EXE [340240 2011-05-02] () R2 Prosieben; D:\programme\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] () S3 RServer3; C:\Windows\SysWOW64\rserver30\RServer3.exe [1246536 2007-10-31] (Famatech International Corp.) R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) R2 Secunia PSI Agent; D:\Programme\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia) R2 Secunia Update Agent; D:\Programme\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia) R3 SystemExplorerHelpService; D:\Programme\System Explorer\service\SystemExplorerService64.exe [807896 2012-05-21] (Mister Group) R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x] ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] () S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] () S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] () S3 CrystalSysInfo; D:\Programme\MediaCoder\SysInfoX64.sys [18128 2007-09-25] () R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [658944 2011-12-12] (Hauppauge Computer Works, Inc.) S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [19840 2011-12-12] (Hauppauge Computer Works, Inc.) R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () R3 mirrorv3; C:\Windows\System32\DRIVERS\rminiv3.sys [5632 2007-08-17] (Famatech International Corp.) R1 raddrvv3; C:\Windows\SysWOW64\rserver30\raddrvv3.sys [68632 2007-10-31] (Famatech International Corp.) S1 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15672 2011-09-08] () R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon) R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon) U5 UnlockerDriver5; D:\Programme\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [x] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-02 21:49 - 2013-10-02 21:49 - 00005555 _____ C:\Users\Ingo\Desktop\JRT.txt 2013-10-02 21:36 - 2013-10-02 21:36 - 00000000 ____D C:\Windows\ERUNT 2013-10-02 20:37 - 2013-10-02 20:37 - 00038159 _____ C:\Users\Ingo\Desktop\Addition.txt 2013-10-02 20:34 - 2013-10-02 20:34 - 00000000 ____D C:\FRST 2013-10-02 20:33 - 2013-10-02 20:23 - 01954124 _____ (Farbar) C:\Users\Ingo\Desktop\FRST64.exe 2013-10-02 08:38 - 2013-10-02 20:22 - 00000000 ____D C:\Users\Ingo\Desktop\Trojanerboard Hilfen 2013-10-01 22:39 - 2013-10-01 22:39 - 00014479 _____ C:\Users\Ingo\Desktop\attach.txt 2013-10-01 22:39 - 2013-10-01 22:38 - 00024500 _____ C:\Users\Ingo\Desktop\dds.txt 2013-10-01 21:53 - 2013-10-01 21:53 - 00700783 ____R (Swearware) C:\Users\Ingo\Desktop\dds+.exe 2013-10-01 21:50 - 2013-10-01 21:50 - 00448512 _____ (OldTimer Tools) C:\Users\Ingo\Desktop\TFC.exe 2013-10-01 21:14 - 2013-10-01 21:36 - 00000000 ____D C:\AdwCleaner 2013-10-01 21:11 - 2013-10-01 21:11 - 00003152 _____ C:\Windows\System32\Tasks\{A968F0EA-B486-4AA9-A39A-1C751C1F20EA} 2013-10-01 20:11 - 2013-10-01 20:21 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-10-01 19:30 - 2013-10-01 19:29 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-10-01 19:30 - 2013-10-01 19:29 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-10-01 19:30 - 2013-10-01 19:29 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-10-01 19:30 - 2013-10-01 19:29 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-10-01 19:29 - 2013-10-01 19:29 - 00000000 ____D C:\Program Files\Java 2013-10-01 19:15 - 2013-10-01 22:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-09-28 11:41 - 2013-09-28 11:41 - 00001274 _____ C:\Users\Ingo\Desktop\WebCam.lnk 2013-09-23 17:46 - 2013-10-02 20:28 - 00014488 _____ C:\Windows\PFRO.log 2013-09-23 17:46 - 2013-10-02 20:28 - 00000896 _____ C:\Windows\setupact.log 2013-09-23 17:46 - 2013-09-23 17:46 - 00000000 _____ C:\Windows\setuperr.log 2013-09-22 12:37 - 2013-10-02 20:36 - 01201159 _____ C:\Windows\WindowsUpdate.log 2013-09-11 22:37 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-11 22:37 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-11 22:37 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-11 22:37 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-11 22:37 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-11 22:37 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-11 22:37 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-11 22:37 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-11 22:37 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-11 22:37 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-11 22:37 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-09-11 22:36 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-11 22:36 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-11 20:29 - 2013-09-24 18:16 - 00000000 ____D C:\Users\Ingo\Desktop\Iris 2013-09-11 20:22 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-11 20:20 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-09-11 20:20 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-09-11 20:20 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2013-09-11 20:20 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-09-11 20:20 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-11 20:20 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-11 20:20 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-11 20:20 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-09-11 20:20 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-09-11 20:20 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-09-11 20:20 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-09-11 20:20 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-09-11 20:20 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-09-11 20:20 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-11 20:20 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-09-11 20:19 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2013-09-11 20:19 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-09-11 20:19 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-09-11 20:19 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-09-11 20:19 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-09-11 20:19 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-11 20:17 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-11 20:16 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-11 20:16 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-11 20:16 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-09-11 20:16 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-09-08 14:11 - 2013-09-08 14:11 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7 2013-09-05 19:37 - 2013-09-05 19:48 - 00000000 ____D C:\Users\Ingo\Desktop\Ahnenforschung ==================== One Month Modified Files and Folders ======= 2013-10-02 22:48 - 2010-08-31 21:05 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\clipdiary 2013-10-02 22:44 - 2012-02-02 09:56 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-02 22:37 - 2010-08-23 19:02 - 00000000 ____D C:\Users\Ingo 2013-10-02 22:32 - 2013-01-22 21:06 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3237284612-487690776-1710373329-1001UA.job 2013-10-02 22:02 - 2013-09-22 12:37 - 01201159 _____ C:\Windows\WindowsUpdate.log 2013-10-02 21:59 - 2012-03-31 22:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-02 21:49 - 2013-10-02 21:49 - 00005555 _____ C:\Users\Ingo\Desktop\JRT.txt 2013-10-02 21:36 - 2013-10-02 21:36 - 00000000 ____D C:\Windows\ERUNT 2013-10-02 20:38 - 2009-07-14 06:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-02 20:38 - 2009-07-14 06:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-02 20:37 - 2013-10-02 20:37 - 00038159 _____ C:\Users\Ingo\Desktop\Addition.txt 2013-10-02 20:34 - 2013-10-02 20:34 - 00000000 ____D C:\FRST 2013-10-02 20:29 - 2012-02-02 09:56 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-02 20:28 - 2013-09-23 17:46 - 00014488 _____ C:\Windows\PFRO.log 2013-10-02 20:28 - 2013-09-23 17:46 - 00000896 _____ C:\Windows\setupact.log 2013-10-02 20:28 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-02 20:23 - 2013-10-02 20:33 - 01954124 _____ (Farbar) C:\Users\Ingo\Desktop\FRST64.exe 2013-10-02 20:22 - 2013-10-02 08:38 - 00000000 ____D C:\Users\Ingo\Desktop\Trojanerboard Hilfen 2013-10-02 17:53 - 2012-07-04 20:05 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\KeePass 2013-10-02 17:52 - 2009-11-08 05:20 - 00700592 _____ C:\Windows\system32\perfh007.dat 2013-10-02 17:52 - 2009-11-08 05:20 - 00149356 _____ C:\Windows\system32\perfc007.dat 2013-10-02 17:52 - 2009-07-14 07:13 - 01622004 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-02 17:51 - 2012-09-14 18:21 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2 2013-10-02 17:15 - 2010-09-10 18:14 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CA70E5AD-9D55-49AB-9231-E8CBF2D6A45F} 2013-10-01 22:39 - 2013-10-01 22:39 - 00014479 _____ C:\Users\Ingo\Desktop\attach.txt 2013-10-01 22:38 - 2013-10-01 22:39 - 00024500 _____ C:\Users\Ingo\Desktop\dds.txt 2013-10-01 22:26 - 2013-10-01 19:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-01 21:53 - 2013-10-01 21:53 - 00700783 ____R (Swearware) C:\Users\Ingo\Desktop\dds+.exe 2013-10-01 21:50 - 2013-10-01 21:50 - 00448512 _____ (OldTimer Tools) C:\Users\Ingo\Desktop\TFC.exe 2013-10-01 21:41 - 2010-08-31 21:04 - 00000000 ___RD C:\Users\Ingo\Desktop\Wartung 2013-10-01 21:37 - 2012-04-23 20:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-10-01 21:36 - 2013-10-01 21:14 - 00000000 ____D C:\AdwCleaner 2013-10-01 21:34 - 2011-05-15 11:01 - 00000000 ____D C:\Program Files (x86)\NirSoft Utilities 2013-10-01 21:11 - 2013-10-01 21:11 - 00003152 _____ C:\Windows\System32\Tasks\{A968F0EA-B486-4AA9-A39A-1C751C1F20EA} 2013-10-01 20:21 - 2013-10-01 20:11 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-10-01 19:29 - 2013-10-01 19:30 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-10-01 19:29 - 2013-10-01 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-10-01 19:29 - 2013-10-01 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-10-01 19:29 - 2013-10-01 19:30 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-10-01 19:29 - 2013-10-01 19:29 - 00000000 ____D C:\Program Files\Java 2013-10-01 19:29 - 2013-01-22 23:25 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-10-01 19:29 - 2010-09-09 20:59 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-10-01 19:23 - 2009-11-07 22:02 - 00000000 ____D C:\Windows\SysWOW64\Adobe 2013-10-01 19:17 - 2010-08-23 21:50 - 00000000 ____D C:\Users\Ingo\AppData\Local\Mozilla 2013-10-01 18:48 - 2012-07-25 10:39 - 00004166 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-10-01 18:46 - 2010-08-23 20:47 - 00000000 ____D C:\Program Files (x86)\Avast5 2013-10-01 18:45 - 2010-08-23 20:47 - 00000000 _____ C:\Windows\SysWOW64\config.nt 2013-09-29 08:58 - 2010-10-11 20:41 - 00007680 _____ C:\Users\Ingo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-09-28 12:32 - 2013-01-22 21:06 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3237284612-487690776-1710373329-1001Core.job 2013-09-28 11:41 - 2013-09-28 11:41 - 00001274 _____ C:\Users\Ingo\Desktop\WebCam.lnk 2013-09-28 11:25 - 2013-03-05 21:35 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs 2013-09-24 18:16 - 2013-09-11 20:29 - 00000000 ____D C:\Users\Ingo\Desktop\Iris 2013-09-23 17:46 - 2013-09-23 17:46 - 00000000 _____ C:\Windows\setuperr.log 2013-09-22 12:37 - 2011-11-12 19:22 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-09-22 12:35 - 2009-09-07 03:57 - 00000000 ____D C:\Windows\Panther 2013-09-19 19:59 - 2012-03-31 22:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-19 19:59 - 2012-03-31 22:10 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-09-19 19:59 - 2011-05-21 12:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-15 10:48 - 2010-08-23 21:50 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Mozilla 2013-09-13 19:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-09-12 19:53 - 2010-08-23 20:32 - 00000000 ___RD C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-12 19:53 - 2010-08-23 20:32 - 00000000 ___RD C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-12 19:53 - 2010-08-23 19:02 - 00000000 ___RD C:\Users\Ingo\Dokumente 2013-09-12 19:38 - 2009-07-14 06:45 - 00569096 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-11 22:36 - 2013-08-14 20:23 - 00000000 ____D C:\Windows\system32\MRT 2013-09-11 22:33 - 2010-08-23 21:06 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-11 22:33 - 2009-11-07 21:39 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-08 14:17 - 2011-05-03 12:00 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\vlc 2013-09-08 14:11 - 2013-09-08 14:11 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7 2013-09-08 14:11 - 2012-03-15 20:41 - 00000694 _____ C:\Users\UpdatusUser\Desktop\PhotoFiltre 7.lnk 2013-09-08 14:11 - 2012-03-15 20:41 - 00000694 _____ C:\Users\Gast\Desktop\PhotoFiltre 7.lnk 2013-09-08 14:11 - 2012-03-15 20:41 - 00000694 _____ C:\Users\Administrator\Desktop\PhotoFiltre 7.lnk 2013-09-05 19:48 - 2013-09-05 19:37 - 00000000 ____D C:\Users\Ingo\Desktop\Ahnenforschung 2013-09-02 20:51 - 2012-06-27 20:25 - 00000000 ____D C:\Users\Ingo\Desktop\W E B Files to move or delete: ==================== C:\ProgramData\kp_0loor.pad ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-01 19:53 ==================== End Of Log ============================ --- --- --- Danke und schöne Grüße, imebro Geändert von imebro (02.10.2013 um 21:56 Uhr) |
03.10.2013, 07:54 | #4 |
/// the machine /// TB-Ausbilder | Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen TabESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
03.10.2013, 11:54 | #5 |
| Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab Hallo und danke für die weiteren Tipps. Hier das ESET-Log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=a9cf64cbe576ec4690fa3856491e1b95 # engine=13131 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-10-03 10:50:14 # local_time=2013-10-03 12:50:14 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 54212 132427264 0 0 # scanned=259230 # found=0 # cleaned=0 # scan_time=8598 Code:
ATTFilter Results of screen317's Security Check version 0.99.73 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Secunia PSI (2.0.0.3001) Malwarebytes Anti-Malware Version 1.75.0.1300 Wise Registry Cleaner Free 5.72 Java 7 Update 25 Adobe Flash Player 11.8.800.168 Mozilla Firefox (24.0) Google Chrome 29.0.1547.76 Google Chrome 30.0.1599.66 ````````Process Check: objlist.exe by Laurent```````` Avast5 AvastSvc.exe Avast5 AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013 Ran by Ingo (administrator) on INGOS-LAPTOP on 03-10-2013 13:02:31 Running from C:\Users\Ingo\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (IDT, Inc.) C:\PROGRAM FILES\IDT\WDM\STACSV64.EXE (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (NVIDIA Corporation) C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (AVAST Software) C:\Program Files (x86)\Avast5\AvastSvc.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (Andrea Electronics Corporation) C:\PROGRAM FILES\IDT\WDM\AESTSR64.EXE (Alexander Seeliger Software) C:\Program Files (x86)\Backup Service Home 3\BSHService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Uwe A. Ruttkamp) F:\DHCP-Server\dhcpsrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) C:\PROGRAM FILES\INTEL\WIFI\BIN\EVTENG.EXE () D:\Programme\Clipdiary\ClipDiary.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NlsSrv32.exe (Mirek Wojtowicz) C:\Program Files (x86)\MWSnap\MWSnap.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () D:\Programme\Desksave\DeskSave.exe (JAM Software) d:\Programme\UltraSearch\UltraSearch.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Jumping Bytes) C:\Program Files (x86)\PureSync\PureSyncTray.exe (Entriq, Inc.) D:\programme\maxdome\DCBin\DCService.exe (Mister Group) D:\Programme\System Explorer\SystemExplorer.exe (Secunia) D:\Programme\Secunia\PSI\psi_tray.exe (Intel(R) Corporation) C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\REGSRVC.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (AVAST Software) C:\Program Files (x86)\Avast5\AvastUI.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Secunia) D:\Programme\Secunia\PSI\PSIA.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Mister Group) D:\Programme\System Explorer\service\SystemExplorerService64.exe (Secunia) D:\Programme\Secunia\PSI\sua.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE (EJIE Technology) D:\Programme\Clover\clover.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2000-01-01] (IDT, Inc.) HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation) HKCU\...\Run: [clipdiary] - D:\Programme\Clipdiary\clipdiary.exe [208896 2007-05-22] () HKCU\...\Run: [MWSnap] - C:\Program Files (x86)\MWSnap\MWSnap.exe [427008 2002-07-06] (Mirek Wojtowicz) HKCU\...\Run: [DeskSave] - D:\Programme\Desksave\DeskSave.exe [82944 2008-07-26] () HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKCU\...\Run: [PureSync] - C:\Program Files (x86)\PureSync\PureSyncTray.exe [907808 2013-04-29] (Jumping Bytes) HKCU\...\Run: [SystemExplorerAutoStart] - D:\Programme\System Explorer\SystemExplorer.exe [2610648 2012-06-18] (Mister Group) HKCU\...\Policies\system: [DisableLockWorkstation] 0 HKCU\...\Policies\system: [DisableChangePassword] 0 HKLM-x32\...\Run: [AdressLittle] - D:\Programme\Adress Little 2.0\ageb.exe [65536 2009-03-13] (Joachim Stroemer) HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company) HKLM-x32\...\Run: [avast] - C:\Program Files (x86)\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl) HKU\Administrator\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden HKU\Administrator\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW HKU\Administrator\...\Run: [clipdiary] - D:\Programme\Clipdiary\clipdiary.exe [208896 2007-05-22] () HKU\Administrator\...\Run: [DriverMax] - [x] HKU\Administrator\...\Run: [DriverMax_RESTART] - [x] HKU\Administrator\...\Run: [PC Suite Tray] - "D:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray HKU\Administrator\...\Run: [phonostarTimer] - D:\Programme\phonostar-Player\phonostarTimer.exe HKU\Administrator\...\Policies\system: [DisableLockWorkstation] 0 HKU\Administrator\...\Policies\system: [DisableChangePassword] 0 HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden HKU\Gast\...\Run: [PC Suite Tray] - "D:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray HKU\Gast\...\Run: [SpywareTerminatorUpdate] - "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" HKU\Gast\...\Run: [ICQ] - C:\Users\Gast\AppData\Roaming\ICQ\Application\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.) HKU\Gast\...\Policies\system: [DisableLockWorkstation] 0 HKU\Gast\...\Policies\system: [DisableChangePassword] 0 Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk ShortcutTarget: Persbackup.lnk -> D:\Programme\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel) Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQNOT/4 SearchScopes: HKLM - DefaultScope {D4F58562-A3C4-48B7-AE7B-98467EA87900} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {D4F58562-A3C4-48B7-AE7B-98467EA87900} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox SearchScopes: HKCU - {BA3E27DB-425D-4E00-AD57-83689D8ECADD} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} BHO: Plus-HD-2.2 - {11111111-1111-1111-1111-110311301136} - C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho64.dll No File BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Avast5\aswWebRepIE64.dll (AVAST Software) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ExplorerWatcher Class - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - d:\Programme\Clover\TabHelper64.dll (EJIE Technology) BHO-x32: No Name - {11111111-1111-1111-1111-110311301136} - No File BHO-x32: No Name - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No File BHO-x32: No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Avast5\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - No File Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Avast5\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Avast5\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: HKLM-x32 {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52272 2009-11-07] (EasyBits Software Corp.) ShellExecuteHooks-x32: - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ] Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{27B2EBF4-4FE1-4E15-85D3-A92B7F9110BF}: [NameServer]192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default FF NewTab: hxxp://www.google.de FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", ""); FF SearchEngineOrder.1: Ask Search FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", ""); FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.1 - D:\Programme\VLC-Player\npvlc.dll No File FF Plugin: @videolan.org/vlc,version=2.1.0-git-20120125-2155 - D:\Programme\VLC-Player\npvlc.dll No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll No File FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - D:\Programme\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - D:\Programme\VLC-Player\npvlc.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ingo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ingo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Deutsches Wörterbuch, erweitert für Österreich - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\de-AT@dictionaries.addons.mozilla.org FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\de-DE@dictionaries.addons.mozilla(2).org FF Extension: Deutsches Wörterbuch - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\de-DE@dictionaries.addons.mozilla.org FF Extension: Fast Translation - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\fasttrans@kemot FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\fb_add_on@avm.de FF Extension: FlashFirebug - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\flashfirebug@o-minds.com FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\ich@maltegoetz.de FF Extension: Open Image In New Tab - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\imagetab@next.gen.nz FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\linkalert.conlan@addons.mozilla.com FF Extension: New Tab Button on Tab Right - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{05BF52F6-A4F9-48B9-84ED-F8D83762E619}(2) FF Extension: Garmin Communicator - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} FF Extension: Metal Lion - iCe - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{1AFC82C3-0154-4b09-878B-D68500EFBE76}(2) FF Extension: PDF Download - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} FF Extension: Html Validator - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} FF Extension: Modern Modoki - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{4a428302-5267-4749-bb22-459b3236695f}(2) FF Extension: Walnut for Firefox - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2) FF Extension: ColorZilla - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} FF Extension: Modern Aluminum - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{835A3F80-DF39-11D9-A0B5-000D0B3AEB26}(2) FF Extension: BugMeNot - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42} FF Extension: DownloadHelper - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: DownloadHelper - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2) FF Extension: Whitehart - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}(2) FF Extension: Fox!Box - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8} FF Extension: Print - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{f199da35-0a9a-4ce9-8f59-c68524deba93} FF Extension: aeroimproved - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\aeroimproved@rsjtdrjgfuzkfg.com.xpi FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\Extensions.001 FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\Extensions.rdf FF Extension: firebug - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\firebug@software.joehewitt.com.xpi FF Extension: firebug - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\firebug@tools.sitepoint.com.xpi FF Extension: FirePHPExtension-Build - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\FirePHPExtension-Build@firephp.org.xpi FF Extension: guiconfig - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\guiconfig@slosd.net.xpi FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\installed-extensions.txt FF Extension: langpack-de - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\langpack-de@firefox.mozilla.org.xpi FF Extension: newtaburl - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\newtaburl@sogame.cat.xpi FF Extension: nosquint - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\nosquint@urandom.ca.xpi FF Extension: sroussey - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\sroussey@illumination-for-developers.com.xpi FF Extension: youtube2mp3 - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\youtube2mp3@mondayx.de.xpi FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}.xpi FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM-x32\...\Firefox\Extensions: [PHPEditXdebugExtension@waterproof.fr] - C:\Program Files\PHPEdit\Tools\FirefoxExtension\unpacked FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files (x86)\Avast5\WebRep\FF FF Extension: avast! Online Security - C:\Program Files (x86)\Avast5\WebRep\FF FF HKCU\...\Firefox\Extensions: [finder@meingutscheincode.de] - C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox FF HKCU\...\Firefox\Extensions: [PHPEditXdebugExtension@waterproof.fr] - C:\Program Files\PHPEdit\Tools\FirefoxExtension\unpacked Chrome: ======= CHR Extension: (PHP Docs) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aofkhphjhkanpddmfmbckdlcajhnehlf\1.3_0 CHR Extension: (Web Developer) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.1_0 CHR Extension: (YouTube) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Firebug Lite for Google Chrome\u2122) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0 CHR Extension: (Adblock Plus (Beta)) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0 CHR Extension: (Google Search) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: (Session Buddy) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\2.1.3_0 CHR Extension: (FTP Free) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdgcfaoankkonoiichmblcfijkomfbn\2.5_0 CHR Extension: (avast! WebRep) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0 CHR Extension: (New Tab Redirect!) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.5_0 CHR Extension: (Mein Gutscheincode Finder) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo\1.0.2_0 CHR Extension: (Popup HTML Editor) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjpagcblmlakmpcihopmpfknakkimjdh\0.2_0 CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0 CHR Extension: (Stylebot) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaejidbmkiecgbjeifoejpgmdaleoha\1.7.3.1_0 CHR Extension: (Gmail) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [jgfpelakfkbbkkdchaaaknckhoadkcbo] - C:\Program Files (x86)\Mein Gutscheincode Finder\Chrome\chrome-extension.crx CHR StartMenuInternet: Google Chrome - C:\Users\Ingo\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 avast! Antivirus; C:\Program Files (x86)\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software) R2 Backup Service Home-Dienst; C:\Program Files (x86)\Backup Service Home 3\BSHService.exe [17920 2012-02-15] (Alexander Seeliger Software) R2 DHCPServer; F:\DHCP-Server\dhcpsrv.exe [106496 2011-12-17] (Uwe A. Ruttkamp) S3 MyWiFiDHCPDNS; C:\PROGRAM FILES\INTEL\WIFI\BIN\PANDHCPDNS.EXE [340240 2011-05-02] () R2 Prosieben; D:\programme\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] () S3 RServer3; C:\Windows\SysWOW64\rserver30\RServer3.exe [1246536 2007-10-31] (Famatech International Corp.) R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) R2 Secunia PSI Agent; D:\Programme\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia) R2 Secunia Update Agent; D:\Programme\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia) R3 SystemExplorerHelpService; D:\Programme\System Explorer\service\SystemExplorerService64.exe [807896 2012-05-21] (Mister Group) R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x] ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] () S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] () S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] () S3 CrystalSysInfo; D:\Programme\MediaCoder\SysInfoX64.sys [18128 2007-09-25] () R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [658944 2011-12-12] (Hauppauge Computer Works, Inc.) S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [19840 2011-12-12] (Hauppauge Computer Works, Inc.) R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () R3 mirrorv3; C:\Windows\System32\DRIVERS\rminiv3.sys [5632 2007-08-17] (Famatech International Corp.) R1 raddrvv3; C:\Windows\SysWOW64\rserver30\raddrvv3.sys [68632 2007-10-31] (Famatech International Corp.) S1 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15672 2011-09-08] () R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon) R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon) U5 UnlockerDriver5; D:\Programme\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [x] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-03 13:02 - 2013-10-02 20:23 - 01954124 _____ (Farbar) C:\Users\Ingo\Desktop\FRST64.exe 2013-10-02 21:36 - 2013-10-02 21:36 - 00000000 ____D C:\Windows\ERUNT 2013-10-02 20:34 - 2013-10-02 20:34 - 00000000 ____D C:\FRST 2013-10-02 08:38 - 2013-10-02 20:22 - 00000000 ____D C:\Users\Ingo\Desktop\Trojanerboard Hilfen 2013-10-01 21:14 - 2013-10-01 21:36 - 00000000 ____D C:\AdwCleaner 2013-10-01 21:11 - 2013-10-01 21:11 - 00003152 _____ C:\Windows\System32\Tasks\{A968F0EA-B486-4AA9-A39A-1C751C1F20EA} 2013-10-01 20:11 - 2013-10-01 20:21 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-10-01 19:30 - 2013-10-01 19:29 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-10-01 19:30 - 2013-10-01 19:29 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-10-01 19:30 - 2013-10-01 19:29 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-10-01 19:30 - 2013-10-01 19:29 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-10-01 19:29 - 2013-10-01 19:29 - 00000000 ____D C:\Program Files\Java 2013-10-01 19:15 - 2013-10-01 22:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-09-28 11:41 - 2013-09-28 11:41 - 00001274 _____ C:\Users\Ingo\Desktop\WebCam.lnk 2013-09-23 17:46 - 2013-10-03 09:25 - 00014782 _____ C:\Windows\PFRO.log 2013-09-23 17:46 - 2013-10-03 09:25 - 00000952 _____ C:\Windows\setupact.log 2013-09-23 17:46 - 2013-09-23 17:46 - 00000000 _____ C:\Windows\setuperr.log 2013-09-22 12:37 - 2013-10-03 12:46 - 01254042 _____ C:\Windows\WindowsUpdate.log 2013-09-11 22:37 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-11 22:37 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-11 22:37 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-11 22:37 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-11 22:37 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-11 22:37 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-11 22:37 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-11 22:37 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-11 22:37 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-11 22:37 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-11 22:37 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-09-11 22:36 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-11 22:36 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-11 20:29 - 2013-09-24 18:16 - 00000000 ____D C:\Users\Ingo\Desktop\Iris 2013-09-11 20:22 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-11 20:20 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-09-11 20:20 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-09-11 20:20 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2013-09-11 20:20 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-09-11 20:20 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-11 20:20 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-11 20:20 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-11 20:20 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-09-11 20:20 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-09-11 20:20 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-09-11 20:20 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-09-11 20:20 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-09-11 20:20 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-09-11 20:20 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-11 20:20 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-09-11 20:19 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2013-09-11 20:19 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-09-11 20:19 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-09-11 20:19 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-09-11 20:19 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-09-11 20:19 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-11 20:17 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-11 20:16 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-11 20:16 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-11 20:16 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-09-11 20:16 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-09-08 14:11 - 2013-09-08 14:11 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7 2013-09-05 19:37 - 2013-09-05 19:48 - 00000000 ____D C:\Users\Ingo\Desktop\Ahnenforschung ==================== One Month Modified Files and Folders ======= 2013-10-03 13:00 - 2010-08-31 21:05 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\clipdiary 2013-10-03 12:59 - 2012-03-31 22:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-03 12:51 - 2010-08-23 19:02 - 00000000 ____D C:\Users\Ingo 2013-10-03 12:46 - 2013-09-22 12:37 - 01254042 _____ C:\Windows\WindowsUpdate.log 2013-10-03 12:44 - 2012-02-02 09:56 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-03 12:44 - 2012-02-02 09:56 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-03 12:32 - 2013-01-22 21:06 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3237284612-487690776-1710373329-1001UA.job 2013-10-03 12:32 - 2013-01-22 21:06 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3237284612-487690776-1710373329-1001Core.job 2013-10-03 09:40 - 2009-07-14 06:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-03 09:40 - 2009-07-14 06:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-03 09:26 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-03 09:25 - 2013-09-23 17:46 - 00014782 _____ C:\Windows\PFRO.log 2013-10-03 09:25 - 2013-09-23 17:46 - 00000952 _____ C:\Windows\setupact.log 2013-10-02 21:36 - 2013-10-02 21:36 - 00000000 ____D C:\Windows\ERUNT 2013-10-02 20:34 - 2013-10-02 20:34 - 00000000 ____D C:\FRST 2013-10-02 20:23 - 2013-10-03 13:02 - 01954124 _____ (Farbar) C:\Users\Ingo\Desktop\FRST64.exe 2013-10-02 20:22 - 2013-10-02 08:38 - 00000000 ____D C:\Users\Ingo\Desktop\Trojanerboard Hilfen 2013-10-02 17:53 - 2012-07-04 20:05 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\KeePass 2013-10-02 17:52 - 2009-11-08 05:20 - 00700592 _____ C:\Windows\system32\perfh007.dat 2013-10-02 17:52 - 2009-11-08 05:20 - 00149356 _____ C:\Windows\system32\perfc007.dat 2013-10-02 17:52 - 2009-07-14 07:13 - 01622004 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-02 17:51 - 2012-09-14 18:21 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2 2013-10-02 17:15 - 2010-09-10 18:14 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CA70E5AD-9D55-49AB-9231-E8CBF2D6A45F} 2013-10-01 22:26 - 2013-10-01 19:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-01 21:41 - 2010-08-31 21:04 - 00000000 ___RD C:\Users\Ingo\Desktop\Wartung 2013-10-01 21:37 - 2012-04-23 20:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-10-01 21:36 - 2013-10-01 21:14 - 00000000 ____D C:\AdwCleaner 2013-10-01 21:34 - 2011-05-15 11:01 - 00000000 ____D C:\Program Files (x86)\NirSoft Utilities 2013-10-01 21:11 - 2013-10-01 21:11 - 00003152 _____ C:\Windows\System32\Tasks\{A968F0EA-B486-4AA9-A39A-1C751C1F20EA} 2013-10-01 20:21 - 2013-10-01 20:11 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-10-01 19:29 - 2013-10-01 19:30 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-10-01 19:29 - 2013-10-01 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-10-01 19:29 - 2013-10-01 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-10-01 19:29 - 2013-10-01 19:30 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-10-01 19:29 - 2013-10-01 19:29 - 00000000 ____D C:\Program Files\Java 2013-10-01 19:29 - 2013-01-22 23:25 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-10-01 19:29 - 2010-09-09 20:59 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-10-01 19:23 - 2009-11-07 22:02 - 00000000 ____D C:\Windows\SysWOW64\Adobe 2013-10-01 19:17 - 2010-08-23 21:50 - 00000000 ____D C:\Users\Ingo\AppData\Local\Mozilla 2013-10-01 18:48 - 2012-07-25 10:39 - 00004166 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-10-01 18:46 - 2010-08-23 20:47 - 00000000 ____D C:\Program Files (x86)\Avast5 2013-10-01 18:45 - 2010-08-23 20:47 - 00000000 _____ C:\Windows\SysWOW64\config.nt 2013-09-29 08:58 - 2010-10-11 20:41 - 00007680 _____ C:\Users\Ingo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-09-28 11:41 - 2013-09-28 11:41 - 00001274 _____ C:\Users\Ingo\Desktop\WebCam.lnk 2013-09-28 11:25 - 2013-03-05 21:35 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs 2013-09-24 18:16 - 2013-09-11 20:29 - 00000000 ____D C:\Users\Ingo\Desktop\Iris 2013-09-23 17:46 - 2013-09-23 17:46 - 00000000 _____ C:\Windows\setuperr.log 2013-09-22 12:37 - 2011-11-12 19:22 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-09-22 12:35 - 2009-09-07 03:57 - 00000000 ____D C:\Windows\Panther 2013-09-19 19:59 - 2012-03-31 22:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-19 19:59 - 2012-03-31 22:10 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-09-19 19:59 - 2011-05-21 12:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-15 10:48 - 2010-08-23 21:50 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Mozilla 2013-09-13 19:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-09-12 19:53 - 2010-08-23 20:32 - 00000000 ___RD C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-12 19:53 - 2010-08-23 20:32 - 00000000 ___RD C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-12 19:53 - 2010-08-23 19:02 - 00000000 ___RD C:\Users\Ingo\Dokumente 2013-09-12 19:38 - 2009-07-14 06:45 - 00569096 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-11 22:36 - 2013-08-14 20:23 - 00000000 ____D C:\Windows\system32\MRT 2013-09-11 22:33 - 2010-08-23 21:06 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-11 22:33 - 2009-11-07 21:39 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-08 14:17 - 2011-05-03 12:00 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\vlc 2013-09-08 14:11 - 2013-09-08 14:11 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7 2013-09-08 14:11 - 2012-03-15 20:41 - 00000694 _____ C:\Users\UpdatusUser\Desktop\PhotoFiltre 7.lnk 2013-09-08 14:11 - 2012-03-15 20:41 - 00000694 _____ C:\Users\Gast\Desktop\PhotoFiltre 7.lnk 2013-09-08 14:11 - 2012-03-15 20:41 - 00000694 _____ C:\Users\Administrator\Desktop\PhotoFiltre 7.lnk 2013-09-05 19:48 - 2013-09-05 19:37 - 00000000 ____D C:\Users\Ingo\Desktop\Ahnenforschung Files to move or delete: ==================== C:\ProgramData\kp_0loor.pad ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-01 19:53 ==================== End Of Log ============================ Vielen Dank und schöne Grüße, imebro Geändert von imebro (03.10.2013 um 12:05 Uhr) |
04.10.2013, 01:49 | #6 |
/// the machine /// TB-Ausbilder | Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled () C:\ProgramData\kp_0loor.pad Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Noch Probleme?
__________________ --> Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab |
05.10.2013, 10:49 | #7 |
| Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab Hallo und danke für den weiteren Tipp. Hier die Fixlog.txt: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013 Ran by Ingo at 2013-10-04 22:15:38 Run:1 Running from C:\Users\Ingo\Desktop\Wartung\Trojanerboard Hilfen Boot Mode: Normal ============================================== Content of fixlist: ***************** Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled () C:\ProgramData\kp_0loor.pad ***************** C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled => Moved successfully. C:\ProgramData\kp_0loor.pad => Moved successfully. ==== End of Fixlog ==== Danke & schöne Grüße, imebro Was ich heute Morgen festgestellt habe, als ich das Laptop gestartet hatte, war, dass sich ein Explorer-Fenster öffnete mit folgendem Pfad: "C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled" Ich nehme an, das hat mit der LOG-Datei "Fixlog.txt" zu tun, da dieser Pfad auch dort genannt war. Passiert das jetzt bei jedem Start? Achjaaaa... muss ich jetzt noch etwas unternehmen? Im Grunde läuft alles ja wieder. Danke für Deine super Hilfe und schöne Grüße, imebro |
05.10.2013, 11:39 | #8 |
/// the machine /// TB-Ausbilder | Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab Zeig mal bitte einen Screenshot von dem Fenster und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
05.10.2013, 16:33 | #9 |
| Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab Hallo und danke. Hier der Link zum Screenshot: "hxxp://s7.directupload.net/file/d/3401/rqbkuodi_jpg.htm" ** keine Ahnung wie man hier einen Link einsetzt - funktioniert irgendwie nicht anders. Daher schreibe ich es nur einfach so rein (hxxp ersetzen durch http) ** Und hier das neue FRST-Log: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013 Ran by Ingo (administrator) on INGOS-LAPTOP on 05-10-2013 17:30:10 Running from C:\Users\Ingo\Desktop\Wartung\Trojanerboard Hilfen Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (IDT, Inc.) C:\PROGRAM FILES\IDT\WDM\STACSV64.EXE (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (NVIDIA Corporation) C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (AVAST Software) C:\Program Files (x86)\Avast5\AvastSvc.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (Andrea Electronics Corporation) C:\PROGRAM FILES\IDT\WDM\AESTSR64.EXE (Alexander Seeliger Software) C:\Program Files (x86)\Backup Service Home 3\BSHService.exe (JAM Software) d:\Programme\UltraSearch\UltraSearch.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Uwe A. Ruttkamp) F:\DHCP-Server\dhcpsrv.exe (Intel(R) Corporation) C:\PROGRAM FILES\INTEL\WIFI\BIN\EVTENG.EXE (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NlsSrv32.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Entriq, Inc.) D:\programme\maxdome\DCBin\DCService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\REGSRVC.EXE () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE () D:\Programme\Clipdiary\ClipDiary.exe (Mirek Wojtowicz) C:\Program Files (x86)\MWSnap\MWSnap.exe (Secunia) D:\Programme\Secunia\PSI\PSIA.exe () D:\Programme\Desksave\DeskSave.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Jumping Bytes) C:\Program Files (x86)\PureSync\PureSyncTray.exe (Mister Group) D:\Programme\System Explorer\SystemExplorer.exe (Secunia) D:\Programme\Secunia\PSI\psi_tray.exe (Mister Group) D:\Programme\System Explorer\service\SystemExplorerService64.exe (Secunia) D:\Programme\Secunia\PSI\sua.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (AVAST Software) C:\Program Files (x86)\Avast5\AvastUI.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE (EJIE Technology) D:\Programme\Clover\clover.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2000-01-01] (IDT, Inc.) HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation) HKCU\...\Run: [clipdiary] - D:\Programme\Clipdiary\clipdiary.exe [208896 2007-05-22] () HKCU\...\Run: [MWSnap] - C:\Program Files (x86)\MWSnap\MWSnap.exe [427008 2002-07-06] (Mirek Wojtowicz) HKCU\...\Run: [DeskSave] - D:\Programme\Desksave\DeskSave.exe [82944 2008-07-26] () HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKCU\...\Run: [PureSync] - C:\Program Files (x86)\PureSync\PureSyncTray.exe [907808 2013-04-29] (Jumping Bytes) HKCU\...\Run: [SystemExplorerAutoStart] - D:\Programme\System Explorer\SystemExplorer.exe [2610648 2012-06-18] (Mister Group) HKCU\...\Policies\system: [DisableLockWorkstation] 0 HKCU\...\Policies\system: [DisableChangePassword] 0 HKLM-x32\...\Run: [AdressLittle] - D:\Programme\Adress Little 2.0\ageb.exe [65536 2009-03-13] (Joachim Stroemer) HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company) HKLM-x32\...\Run: [avast] - C:\Program Files (x86)\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl) HKU\Administrator\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden HKU\Administrator\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW HKU\Administrator\...\Run: [clipdiary] - D:\Programme\Clipdiary\clipdiary.exe [208896 2007-05-22] () HKU\Administrator\...\Run: [DriverMax] - [x] HKU\Administrator\...\Run: [DriverMax_RESTART] - [x] HKU\Administrator\...\Run: [PC Suite Tray] - "D:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray HKU\Administrator\...\Run: [phonostarTimer] - D:\Programme\phonostar-Player\phonostarTimer.exe HKU\Administrator\...\Policies\system: [DisableLockWorkstation] 0 HKU\Administrator\...\Policies\system: [DisableChangePassword] 0 HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden HKU\Gast\...\Run: [PC Suite Tray] - "D:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray HKU\Gast\...\Run: [SpywareTerminatorUpdate] - "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" HKU\Gast\...\Run: [ICQ] - C:\Users\Gast\AppData\Roaming\ICQ\Application\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.) HKU\Gast\...\Policies\system: [DisableLockWorkstation] 0 HKU\Gast\...\Policies\system: [DisableChangePassword] 0 Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk ShortcutTarget: Persbackup.lnk -> D:\Programme\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel) Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQNOT/4 SearchScopes: HKLM - DefaultScope {D4F58562-A3C4-48B7-AE7B-98467EA87900} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {D4F58562-A3C4-48B7-AE7B-98467EA87900} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox SearchScopes: HKCU - {BA3E27DB-425D-4E00-AD57-83689D8ECADD} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} BHO: No Name - {11111111-1111-1111-1111-110311301136} - No File BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Avast5\aswWebRepIE64.dll (AVAST Software) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ExplorerWatcher Class - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - d:\Programme\Clover\TabHelper64.dll (EJIE Technology) BHO-x32: No Name - {11111111-1111-1111-1111-110311301136} - No File BHO-x32: No Name - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No File BHO-x32: No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Avast5\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - No File Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Avast5\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Avast5\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: HKLM-x32 {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52272 2009-11-07] (EasyBits Software Corp.) ShellExecuteHooks-x32: - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ] Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{27B2EBF4-4FE1-4E15-85D3-A92B7F9110BF}: [NameServer]192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default FF NewTab: hxxp://www.google.de FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.de/ FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.1 - D:\Programme\VLC-Player\npvlc.dll No File FF Plugin: @videolan.org/vlc,version=2.1.0-git-20120125-2155 - D:\Programme\VLC-Player\npvlc.dll No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll No File FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - D:\Programme\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - D:\Programme\VLC-Player\npvlc.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ingo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ingo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Deutsches Wörterbuch, erweitert für Österreich - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\de-AT@dictionaries.addons.mozilla.org FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\de-DE@dictionaries.addons.mozilla(2).org FF Extension: Deutsches Wörterbuch - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\de-DE@dictionaries.addons.mozilla.org FF Extension: Fast Translation - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\fasttrans@kemot FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\fb_add_on@avm.de FF Extension: FlashFirebug - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\flashfirebug@o-minds.com FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\ich@maltegoetz.de FF Extension: Open Image In New Tab - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\imagetab@next.gen.nz FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\linkalert.conlan@addons.mozilla.com FF Extension: New Tab Button on Tab Right - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{05BF52F6-A4F9-48B9-84ED-F8D83762E619}(2) FF Extension: Garmin Communicator - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} FF Extension: Metal Lion - iCe - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{1AFC82C3-0154-4b09-878B-D68500EFBE76}(2) FF Extension: Html Validator - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} FF Extension: Modern Modoki - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{4a428302-5267-4749-bb22-459b3236695f}(2) FF Extension: Walnut for Firefox - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2) FF Extension: ColorZilla - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} FF Extension: Modern Aluminum - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{835A3F80-DF39-11D9-A0B5-000D0B3AEB26}(2) FF Extension: BugMeNot - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42} FF Extension: DownloadHelper - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: DownloadHelper - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2) FF Extension: Whitehart - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}(2) FF Extension: Fox!Box - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8} FF Extension: Print - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{f199da35-0a9a-4ce9-8f59-c68524deba93} FF Extension: aeroimproved - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\aeroimproved@rsjtdrjgfuzkfg.com.xpi FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\Extensions.001 FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\Extensions.rdf FF Extension: firebug - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\firebug@software.joehewitt.com.xpi FF Extension: firebug - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\firebug@tools.sitepoint.com.xpi FF Extension: FirePHPExtension-Build - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\FirePHPExtension-Build@firephp.org.xpi FF Extension: guiconfig - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\guiconfig@slosd.net.xpi FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\installed-extensions.txt FF Extension: langpack-de - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\langpack-de@firefox.mozilla.org.xpi FF Extension: newtaburl - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\newtaburl@sogame.cat.xpi FF Extension: nosquint - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\nosquint@urandom.ca.xpi FF Extension: sroussey - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\sroussey@illumination-for-developers.com.xpi FF Extension: youtube2mp3 - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\youtube2mp3@mondayx.de.xpi FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}.xpi FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM-x32\...\Firefox\Extensions: [PHPEditXdebugExtension@waterproof.fr] - C:\Program Files\PHPEdit\Tools\FirefoxExtension\unpacked FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files (x86)\Avast5\WebRep\FF FF Extension: avast! Online Security - C:\Program Files (x86)\Avast5\WebRep\FF FF HKCU\...\Firefox\Extensions: [finder@meingutscheincode.de] - C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox FF HKCU\...\Firefox\Extensions: [PHPEditXdebugExtension@waterproof.fr] - C:\Program Files\PHPEdit\Tools\FirefoxExtension\unpacked Chrome: ======= CHR Extension: (PHP Docs) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aofkhphjhkanpddmfmbckdlcajhnehlf\1.3_0 CHR Extension: (Web Developer) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.1_0 CHR Extension: (YouTube) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Firebug Lite for Google Chrome\u2122) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0 CHR Extension: (Adblock Plus (Beta)) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0 CHR Extension: (Google Search) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: (Session Buddy) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\2.1.3_0 CHR Extension: (avast! WebRep) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0 CHR Extension: (New Tab Redirect!) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.5_0 CHR Extension: (Mein Gutscheincode Finder) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo\1.0.2_0 CHR Extension: (Popup HTML Editor) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjpagcblmlakmpcihopmpfknakkimjdh\0.2_0 CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0 CHR Extension: (Stylebot) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaejidbmkiecgbjeifoejpgmdaleoha\1.7.3.1_0 CHR Extension: (Gmail) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [jgfpelakfkbbkkdchaaaknckhoadkcbo] - C:\Program Files (x86)\Mein Gutscheincode Finder\Chrome\chrome-extension.crx CHR StartMenuInternet: Google Chrome - C:\Users\Ingo\AppData\Local\Google\Chrome\Application\chrome.exe CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 avast! Antivirus; C:\Program Files (x86)\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software) R2 Backup Service Home-Dienst; C:\Program Files (x86)\Backup Service Home 3\BSHService.exe [17920 2012-02-15] (Alexander Seeliger Software) R2 DHCPServer; F:\DHCP-Server\dhcpsrv.exe [106496 2011-12-17] (Uwe A. Ruttkamp) S3 MyWiFiDHCPDNS; C:\PROGRAM FILES\INTEL\WIFI\BIN\PANDHCPDNS.EXE [340240 2011-05-02] () R2 Prosieben; D:\programme\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] () S3 RServer3; C:\Windows\SysWOW64\rserver30\RServer3.exe [1246536 2007-10-31] (Famatech International Corp.) R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) R2 Secunia PSI Agent; D:\Programme\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia) R2 Secunia Update Agent; D:\Programme\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia) R3 SystemExplorerHelpService; D:\Programme\System Explorer\service\SystemExplorerService64.exe [807896 2012-05-21] (Mister Group) R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x] ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] () S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] () S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] () S3 CrystalSysInfo; D:\Programme\MediaCoder\SysInfoX64.sys [18128 2007-09-25] () R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [658944 2011-12-12] (Hauppauge Computer Works, Inc.) S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [19840 2011-12-12] (Hauppauge Computer Works, Inc.) R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () R3 mirrorv3; C:\Windows\System32\DRIVERS\rminiv3.sys [5632 2007-08-17] (Famatech International Corp.) R1 raddrvv3; C:\Windows\SysWOW64\rserver30\raddrvv3.sys [68632 2007-10-31] (Famatech International Corp.) S1 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15672 2011-09-08] () R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon) R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon) U5 UnlockerDriver5; D:\Programme\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [x] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-05 10:01 - 2013-10-05 16:15 - 00000112 _____ C:\Windows\setupact.log 2013-10-05 10:01 - 2013-10-05 10:01 - 00000000 _____ C:\Windows\setuperr.log 2013-10-05 09:59 - 2013-10-05 16:15 - 00000592 _____ C:\Windows\PFRO.log 2013-10-02 21:36 - 2013-10-02 21:36 - 00000000 ____D C:\Windows\ERUNT 2013-10-02 20:34 - 2013-10-02 20:34 - 00000000 ____D C:\FRST 2013-10-01 21:14 - 2013-10-01 21:36 - 00000000 ____D C:\AdwCleaner 2013-10-01 21:11 - 2013-10-01 21:11 - 00003152 _____ C:\Windows\System32\Tasks\{A968F0EA-B486-4AA9-A39A-1C751C1F20EA} 2013-10-01 20:11 - 2013-10-01 20:21 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-10-01 19:30 - 2013-10-01 19:29 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-10-01 19:30 - 2013-10-01 19:29 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-10-01 19:30 - 2013-10-01 19:29 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-10-01 19:30 - 2013-10-01 19:29 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-10-01 19:29 - 2013-10-01 19:29 - 00000000 ____D C:\Program Files\Java 2013-10-01 19:15 - 2013-10-01 22:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-09-28 11:41 - 2013-09-28 11:41 - 00001274 _____ C:\Users\Ingo\Desktop\WebCam.lnk 2013-09-22 12:37 - 2013-10-05 16:22 - 01479143 _____ C:\Windows\WindowsUpdate.log 2013-09-11 22:37 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-11 22:37 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-11 22:37 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-11 22:37 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-11 22:37 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-11 22:37 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-11 22:37 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-11 22:37 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-11 22:37 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-11 22:37 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-11 22:37 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-11 22:37 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-11 22:37 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-09-11 22:36 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-11 22:36 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-11 20:29 - 2013-09-24 18:16 - 00000000 ____D C:\Users\Ingo\Desktop\Iris 2013-09-11 20:22 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-11 20:20 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-09-11 20:20 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-09-11 20:20 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2013-09-11 20:20 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-09-11 20:20 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-11 20:20 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-11 20:20 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-11 20:20 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-09-11 20:20 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-09-11 20:20 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-09-11 20:20 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-09-11 20:20 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-09-11 20:20 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-09-11 20:20 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-11 20:20 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-09-11 20:19 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2013-09-11 20:19 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-09-11 20:19 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-09-11 20:19 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-09-11 20:19 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-09-11 20:19 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-11 20:19 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-11 20:17 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-11 20:16 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-11 20:16 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-11 20:16 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-09-11 20:16 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-09-08 14:11 - 2013-09-08 14:11 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7 2013-09-05 19:37 - 2013-09-05 19:48 - 00000000 ____D C:\Users\Ingo\Desktop\Ahnenforschung ==================== One Month Modified Files and Folders ======= 2013-10-05 17:28 - 2010-08-31 21:05 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\clipdiary 2013-10-05 17:06 - 2010-08-23 19:02 - 00000000 ____D C:\Users\Ingo 2013-10-05 16:59 - 2012-03-31 22:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-05 16:44 - 2012-02-02 09:56 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-05 16:36 - 2013-01-22 21:06 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3237284612-487690776-1710373329-1001UA.job 2013-10-05 16:24 - 2009-07-14 06:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-05 16:24 - 2009-07-14 06:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-05 16:22 - 2013-09-22 12:37 - 01479143 _____ C:\Windows\WindowsUpdate.log 2013-10-05 16:21 - 2009-11-08 05:20 - 00700592 _____ C:\Windows\system32\perfh007.dat 2013-10-05 16:21 - 2009-11-08 05:20 - 00149356 _____ C:\Windows\system32\perfc007.dat 2013-10-05 16:21 - 2009-07-14 07:13 - 01622004 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-05 16:17 - 2012-07-25 10:39 - 00004166 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-10-05 16:15 - 2013-10-05 10:01 - 00000112 _____ C:\Windows\setupact.log 2013-10-05 16:15 - 2013-10-05 09:59 - 00000592 _____ C:\Windows\PFRO.log 2013-10-05 16:15 - 2012-02-02 09:56 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-05 16:15 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-05 12:51 - 2010-08-31 21:14 - 00000000 ____D C:\Users\Ingo\Desktop\Tools 2013-10-05 12:32 - 2013-01-22 21:06 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3237284612-487690776-1710373329-1001Core.job 2013-10-05 10:14 - 2010-09-10 18:14 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CA70E5AD-9D55-49AB-9231-E8CBF2D6A45F} 2013-10-05 10:01 - 2013-10-05 10:01 - 00000000 _____ C:\Windows\setuperr.log 2013-10-04 22:42 - 2011-11-12 19:22 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-10-03 17:40 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-10-03 13:38 - 2010-08-31 21:04 - 00000000 ___RD C:\Users\Ingo\Desktop\Wartung 2013-10-02 21:36 - 2013-10-02 21:36 - 00000000 ____D C:\Windows\ERUNT 2013-10-02 20:34 - 2013-10-02 20:34 - 00000000 ____D C:\FRST 2013-10-02 17:53 - 2012-07-04 20:05 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\KeePass 2013-10-02 17:51 - 2012-09-14 18:21 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2 2013-10-01 22:26 - 2013-10-01 19:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-01 21:37 - 2012-04-23 20:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-10-01 21:36 - 2013-10-01 21:14 - 00000000 ____D C:\AdwCleaner 2013-10-01 21:34 - 2011-05-15 11:01 - 00000000 ____D C:\Program Files (x86)\NirSoft Utilities 2013-10-01 21:11 - 2013-10-01 21:11 - 00003152 _____ C:\Windows\System32\Tasks\{A968F0EA-B486-4AA9-A39A-1C751C1F20EA} 2013-10-01 20:21 - 2013-10-01 20:11 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-10-01 19:29 - 2013-10-01 19:30 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-10-01 19:29 - 2013-10-01 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-10-01 19:29 - 2013-10-01 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-10-01 19:29 - 2013-10-01 19:30 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-10-01 19:29 - 2013-10-01 19:29 - 00000000 ____D C:\Program Files\Java 2013-10-01 19:29 - 2013-01-22 23:25 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-10-01 19:29 - 2010-09-09 20:59 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-10-01 19:23 - 2009-11-07 22:02 - 00000000 ____D C:\Windows\SysWOW64\Adobe 2013-10-01 19:17 - 2010-08-23 21:50 - 00000000 ____D C:\Users\Ingo\AppData\Local\Mozilla 2013-10-01 18:46 - 2010-08-23 20:47 - 00000000 ____D C:\Program Files (x86)\Avast5 2013-10-01 18:45 - 2010-08-23 20:47 - 00000000 _____ C:\Windows\SysWOW64\config.nt 2013-09-29 08:58 - 2010-10-11 20:41 - 00007680 _____ C:\Users\Ingo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-09-28 11:41 - 2013-09-28 11:41 - 00001274 _____ C:\Users\Ingo\Desktop\WebCam.lnk 2013-09-28 11:25 - 2013-03-05 21:35 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs 2013-09-24 18:16 - 2013-09-11 20:29 - 00000000 ____D C:\Users\Ingo\Desktop\Iris 2013-09-22 12:35 - 2009-09-07 03:57 - 00000000 ____D C:\Windows\Panther 2013-09-19 19:59 - 2012-03-31 22:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-19 19:59 - 2012-03-31 22:10 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-09-19 19:59 - 2011-05-21 12:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-15 10:48 - 2010-08-23 21:50 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Mozilla 2013-09-13 19:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-09-12 19:53 - 2010-08-23 20:32 - 00000000 ___RD C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-12 19:53 - 2010-08-23 20:32 - 00000000 ___RD C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-12 19:53 - 2010-08-23 19:02 - 00000000 ___RD C:\Users\Ingo\Dokumente 2013-09-12 19:38 - 2009-07-14 06:45 - 00569096 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-11 22:36 - 2013-08-14 20:23 - 00000000 ____D C:\Windows\system32\MRT 2013-09-11 22:33 - 2010-08-23 21:06 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-11 22:33 - 2009-11-07 21:39 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-08 14:17 - 2011-05-03 12:00 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\vlc 2013-09-08 14:11 - 2013-09-08 14:11 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7 2013-09-08 14:11 - 2012-03-15 20:41 - 00000694 _____ C:\Users\UpdatusUser\Desktop\PhotoFiltre 7.lnk 2013-09-08 14:11 - 2012-03-15 20:41 - 00000694 _____ C:\Users\Gast\Desktop\PhotoFiltre 7.lnk 2013-09-08 14:11 - 2012-03-15 20:41 - 00000694 _____ C:\Users\Administrator\Desktop\PhotoFiltre 7.lnk 2013-09-05 19:48 - 2013-09-05 19:37 - 00000000 ____D C:\Users\Ingo\Desktop\Ahnenforschung ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-01 19:53 ==================== End Of Log ============================ Schöne Grüße, imebro Geändert von imebro (05.10.2013 um 16:57 Uhr) |
05.10.2013, 19:47 | #10 |
/// the machine /// TB-Ausbilder | Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab Navigiere im Explorer mal zu dem angegebenen Autostart Ordner und lösche was drin is. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKCU\...\Run: [SystemExplorerAutoStart] - D:\Programme\System Explorer\SystemExplorer.exe [2610648 2012-06-18] (Mister Group) Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled () Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
06.10.2013, 09:35 | #11 |
| Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab Hallo... Hier die Fixlog.txt: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013 Ran by Ingo at 2013-10-05 21:13:53 Run:2 Running from C:\Users\Ingo\Desktop\Wartung\Trojanerboard Hilfen Boot Mode: Normal ============================================== Content of fixlist: ***************** HKCU\...\Run: [SystemExplorerAutoStart] - D:\Programme\System Explorer\SystemExplorer.exe [2610648 2012-06-18] (Mister Group) Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled () ***************** HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SystemExplorerAutoStart => Value deleted successfully. "C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled" => Could not move. ==== End of Fixlog ==== imebro --------------------------- Und auch heute Morgen wurde beim Start des Laptops wieder das Explorer-Fenster geöffnet "SystemExplorerDisab". Hier der Screenshot: Oder hier wieder der Direktlink (wieder hxxp durch http ersetzen): hxxp://www.bilder-hochladen.net/files/erc4-3-eccb.jpg Wie kann ich das verhindern? Danke & schöne Grüße, imebro Geändert von imebro (06.10.2013 um 09:41 Uhr) |
06.10.2013, 16:39 | #12 |
/// the machine /// TB-Ausbilder | Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
06.10.2013, 19:06 | #13 |
| Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab OK... habe die OTL-Logfiles nun erstellt. Logfile 1: OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.10.2013 19:31:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ingo\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16686) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 36,15% Memory free 7,93 Gb Paging File | 5,02 Gb Available in Paging File | 63,22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 125,46 Gb Total Space | 48,73 Gb Free Space | 38,84% Space Free | Partition Type: NTFS Drive D: | 88,36 Gb Total Space | 77,89 Gb Free Space | 88,15% Space Free | Partition Type: NTFS Drive F: | 19,53 Gb Total Space | 6,90 Gb Free Space | 35,33% Space Free | Partition Type: NTFS Drive G: | 37,11 Gb Total Space | 11,07 Gb Free Space | 29,84% Space Free | Partition Type: NTFS Drive H: | 14,67 Gb Total Space | 7,92 Gb Free Space | 54,01% Space Free | Partition Type: NTFS Drive X: | 12,76 Gb Total Space | 2,13 Gb Free Space | 16,69% Space Free | Partition Type: NTFS Computer Name: INGOS-LAPTOP | User Name: Ingo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Ingo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Users\Ingo\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Program Files (x86)\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\PureSync\PureSyncTray.exe (Jumping Bytes) PRC - d:\Programme\UltraSearch\UltraSearch.exe (JAM Software) PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - F:\DHCP-Server\dhcpsrv.exe (Uwe A. Ruttkamp) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - D:\Programme\Secunia\PSI\psia.exe (Secunia) PRC - D:\Programme\Secunia\PSI\sua.exe (Secunia) PRC - D:\Programme\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe (Logitech Inc.) PRC - C:\Windows\SysWOW64\NlsSrv32.exe (Nalpeiron Ltd.) PRC - D:\Programme\maxdome\DCBin\DCService.exe (Entriq, Inc.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () PRC - D:\Programme\Desksave\DeskSave.exe () PRC - D:\Programme\Clipdiary\ClipDiary.exe () PRC - C:\Program Files (x86)\MWSnap\MWSnap.exe (Mirek Wojtowicz) ========== Modules (No Company Name) ========== MOD - C:\Users\Ingo\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - D:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\Users\Ingo\AppData\Roaming\Dropbox\bin\libcef.dll () MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll () MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll () MOD - D:\Programme\Desksave\DeskSave.exe () MOD - D:\Programme\Clipdiary\ClipDiary.exe () MOD - D:\Programme\Clipdiary\sqlite3.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- C:\Program Files (x86)\Avast5\AvastSvc.exe (AVAST Software) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (SystemExplorerHelpService) -- D:\Programme\System Explorer\service\SystemExplorerService64.exe (Mister Group) SRV - (SamsungAllShareV2.0) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.) SRV - (SimpleSlideShowServer) -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.) SRV - (Backup Service Home-Dienst) -- C:\Program Files (x86)\Backup Service Home 3\BSHService.exe (Alexander Seeliger Software) SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (DHCPServer) -- F:\DHCP-Server\dhcpsrv.exe (Uwe A. Ruttkamp) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe () SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Secunia PSI Agent) -- D:\Programme\Secunia\PSI\psia.exe (Secunia) SRV - (Secunia Update Agent) -- D:\Programme\Secunia\PSI\sua.exe (Secunia) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (LVPrcS64) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NlsSrv32.exe (Nalpeiron Ltd.) SRV - (Prosieben) -- D:\programme\maxdome\DCBin\DCService.exe (Entriq, Inc.) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (RServer3) -- C:\Windows\SysWOW64\rserver30\RServer3.exe (Famatech International Corp.) SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.) SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys () DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys () DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (hcw95rc) -- C:\Windows\SysNative\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hcw95bda) -- C:\Windows\SysNative\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon) DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider) DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys () DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia) DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys () DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.) DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (NETw1v64) -- C:\Windows\SysNative\drivers\NETw1v64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (mirrorv3) -- C:\Windows\SysNative\drivers\rminiv3.sys (Famatech International Corp.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV - (cleanhlp) -- D:\Programme\Emsisoft Emergency Kit\Run\cleanhlp64.sys (Emsisoft GmbH) DRV - (UnlockerDriver5) -- D:\Programme\Unlocker\UnlockerDriver5.sys () DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys () DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (raddrvv3) -- C:\Windows\SysWOW64\rserver30\raddrvv3.sys (Famatech International Corp.) DRV - (CrystalSysInfo) -- D:\Programme\MediaCoder\SysInfoX64.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D4F58562-A3C4-48B7-AE7B-98467EA87900} IE:64bit: - HKLM\..\SearchScopes\{D4F58562-A3C4-48B7-AE7B-98467EA87900}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{D4F58562-A3C4-48B7-AE7B-98467EA87900}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQNOT/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com IE - HKCU\..\SearchScopes,DefaultScope = {D4F58562-A3C4-48B7-AE7B-98467EA87900} IE - HKCU\..\SearchScopes\{BA3E27DB-425D-4E00-AD57-83689D8ECADD}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} IE - HKCU\..\SearchScopes\{D4F58562-A3C4-48B7-AE7B-98467EA87900}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2 FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: {2E18002D-DF43-4c65-9FDA-40D02F066D9E}:1.6.1 FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.1.1 FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5 FF - prefs.js..extensions.enabledItems: {cdbbb3f6-a50e-4b20-a154-5fcbb3bbf43d}:1.2.6 FF - prefs.js..extensions.enabledItems: linkalert.conlan@addons.mozilla.com:1.0.1 FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.2 FF - prefs.js..extensions.enabledItems: imagetab@next.gen.nz:1.1 FF - prefs.js..extensions.enabledItems: {c151d79e-e61b-4a90-a887-5a46d38fba99}:2.6 FF - prefs.js..extensions.enabledItems: {f199da35-0a9a-4ce9-8f59-c68524deba93}:0.3.3 FF - prefs.js..extensions.enabledItems: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb}:1.5.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: info@youtube-mp3.org:1.0.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Programme\VLC-Player\npvlc.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120125-2155: D:\Programme\VLC-Player\npvlc.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Programme\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: D:\Programme\VLC-Player\npvlc.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ingo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ingo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\PHPEditXdebugExtension@waterproof.fr: C:\Program Files\PHPEdit\Tools\FirefoxExtension\unpacked FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files (x86)\Avast5\WebRep\FF [2013.10.01 18:45:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.10.01 19:15:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.10.01 19:15:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\PHPEditXdebugExtension@waterproof.fr: C:\Program Files\PHPEdit\Tools\FirefoxExtension\unpacked [2010.12.20 20:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\Extensions [2010.12.20 20:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de [2013.10.01 21:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions [2010.08.26 21:41:48 | 000,000,000 | ---D | M] (New Tab Button Position) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{05BF52F6-A4F9-48B9-84ED-F8D83762E619} [2010.08.26 21:41:48 | 000,000,000 | ---D | M] (New Tab Button on Tab Right) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{05BF52F6-A4F9-48B9-84ED-F8D83762E619}(2) [2010.08.26 21:41:47 | 000,000,000 | ---D | M] ("Open Long Url [de]") -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{10F04CC7-50E2-4564-99EC-6E9B27985908} [2010.08.26 21:41:46 | 000,000,000 | ---D | M] (Metal Lion - iCe) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{1AFC82C3-0154-4b09-878B-D68500EFBE76}(2) [2010.08.26 21:41:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.26 21:41:44 | 000,000,000 | ---D | M] (Extended Copy Menu) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{2E18002D-DF43-4c65-9FDA-40D02F066D9E} [2010.08.26 21:41:44 | 000,000,000 | ---D | M] (Modern Modoki) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{4a428302-5267-4749-bb22-459b3236695f}(2) [2010.08.26 21:41:43 | 000,000,000 | ---D | M] (Walnut for Firefox) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2) [2010.08.26 21:41:43 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467} [2010.08.26 21:41:42 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2010.08.26 21:41:39 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.08.26 21:41:35 | 000,000,000 | ---D | M] (TableTools) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{7C7F5C11-4ACD-4CDB-9293-2E3F46654E2A} [2010.08.26 21:41:34 | 000,000,000 | ---D | M] (Modern Aluminum) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{835A3F80-DF39-11D9-A0B5-000D0B3AEB26}(2) [2010.08.26 21:41:34 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42} [2010.08.26 21:41:34 | 000,000,000 | ---D | M] (Table2Clipboard) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb} [2010.08.26 21:41:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.26 21:41:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2) [2010.08.26 21:41:29 | 000,000,000 | ---D | M] (Pearl Crescent Page Saver Basic) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99} [2010.08.26 21:41:28 | 000,000,000 | ---D | M] (Plain Text to Link [de]) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{C90B0826-5A17-4970-A5BF-A43D22452E21} [2010.08.26 21:41:26 | 000,000,000 | ---D | M] (JavaScript Options) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{cdbbb3f6-a50e-4b20-a154-5fcbb3bbf43d} [2010.08.26 21:41:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.08.26 21:41:24 | 000,000,000 | ---D | M] (Whitehart) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}(2) [2010.08.26 21:41:22 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.08.26 21:41:21 | 000,000,000 | ---D | M] (Print) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{f199da35-0a9a-4ce9-8f59-c68524deba93} [2010.08.26 21:41:21 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb} [2010.08.26 21:42:06 | 000,000,000 | ---D | M] (German Dictionary, extended for Austria) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\de-AT@dictionaries.addons.mozilla.org [2010.08.26 21:41:54 | 000,000,000 | ---D | M] ("Deutsches Wörterbuch">) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\de-DE@dictionaries.addons.mozilla(2).org [2010.08.26 21:41:50 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\fb_add_on@avm.de [2010.08.26 21:41:49 | 000,000,000 | ---D | M] (Open Image In New Tab) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\imagetab@next.gen.nz [2010.08.26 21:41:49 | 000,000,000 | ---D | M] (YouTube mp3) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\info@youtube-mp3.org [2010.08.26 21:41:48 | 000,000,000 | ---D | M] ("Link Alert") -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\linkalert.conlan@addons.mozilla.com [2013.10.04 20:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions [2010.08.26 22:11:32 | 000,000,000 | ---D | M] (New Tab Button on Tab Right) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{05BF52F6-A4F9-48B9-84ED-F8D83762E619}(2) [2012.12.01 11:55:27 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2010.08.26 22:11:32 | 000,000,000 | ---D | M] (Metal Lion - iCe) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{1AFC82C3-0154-4b09-878B-D68500EFBE76}(2) [2012.11.29 18:51:52 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2010.08.26 22:11:32 | 000,000,000 | ---D | M] (Modern Modoki) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{4a428302-5267-4749-bb22-459b3236695f}(2) [2010.08.26 22:11:33 | 000,000,000 | ---D | M] (Walnut for Firefox) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2) [2012.08.02 08:29:08 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2010.08.26 22:11:33 | 000,000,000 | ---D | M] (Modern Aluminum) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{835A3F80-DF39-11D9-A0B5-000D0B3AEB26}(2) [2010.08.26 22:11:34 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42} [2013.08.28 20:09:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.26 22:11:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2) [2010.08.26 22:11:36 | 000,000,000 | ---D | M] (Whitehart) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}(2) [2011.01.22 15:17:50 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8} [2011.02.17 19:36:05 | 000,000,000 | ---D | M] (Print) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{f199da35-0a9a-4ce9-8f59-c68524deba93} [2012.10.14 15:59:40 | 000,000,000 | ---D | M] (German Dictionary, extended for Austria) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\de-AT@dictionaries.addons.mozilla.org [2010.08.26 22:11:31 | 000,000,000 | ---D | M] ("Deutsches Wörterbuch">) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\de-DE@dictionaries.addons.mozilla(2).org [2012.10.14 15:59:40 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\de-DE@dictionaries.addons.mozilla.org [2013.07.21 17:19:05 | 000,000,000 | ---D | M] (Fast Translation) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\fasttrans@kemot [2013.04.14 09:36:37 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\fb_add_on@avm.de [2013.06.22 14:59:43 | 000,000,000 | ---D | M] (FlashFirebug) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\flashfirebug@o-minds.com [2013.07.25 16:09:51 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\ich@maltegoetz.de [2010.08.26 22:11:32 | 000,000,000 | ---D | M] (Open Image In New Tab) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\imagetab@next.gen.nz [2011.03.16 19:22:46 | 000,000,000 | ---D | M] ("Link Alert") -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\linkalert.conlan@addons.mozilla.com [2006.11.08 22:56:36 | 000,461,885 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\lo97a2qd.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2)\chrome(2)\tmp.xpi [2006.11.08 22:45:26 | 000,290,557 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\lo97a2qd.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}(2)\chrome(2)\tmp.xpi [2013.07.02 19:25:32 | 000,853,030 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\aeroimproved@rsjtdrjgfuzkfg.com.xpi [2013.10.04 20:57:12 | 002,209,401 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\firebug@software.joehewitt.com.xpi [2012.04.19 20:45:38 | 000,870,767 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\firebug@tools.sitepoint.com.xpi [2013.09.07 16:36:58 | 000,084,201 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\FirePHPExtension-Build@firephp.org.xpi [2011.10.19 14:08:19 | 000,174,405 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\guiconfig@slosd.net.xpi [2013.10.01 19:17:54 | 000,348,387 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\langpack-de@firefox.mozilla.org.xpi [2013.10.02 23:09:38 | 000,051,994 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\newtaburl@sogame.cat.xpi [2013.05.04 09:13:34 | 000,114,250 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\nosquint@urandom.ca.xpi [2013.08.03 11:24:46 | 000,276,275 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\sroussey@illumination-for-developers.com.xpi [2012.03.01 20:11:10 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\youtube2mp3@mondayx.de.xpi [2011.08.12 19:36:49 | 000,031,532 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}.xpi [2013.08.02 10:44:07 | 000,224,035 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012.07.20 16:24:40 | 000,111,899 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi [2013.07.31 09:39:45 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2006.11.08 22:56:36 | 000,461,885 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2)\chrome(2)\tmp.xpi [2006.11.08 22:45:26 | 000,290,557 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}(2)\chrome(2)\tmp.xpi [2013.10.01 19:15:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013.10.01 19:15:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B} File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{2E18002D-DF43-4C65-9FDA-40D02F066D9E} File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467} File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{6AC85730-7D0F-4DE0-B3FA-21142DD85326} File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{987311C6-B504-4AA2-90BF-60CC49808D42} File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{9AB67D74-EC41-4CB2-B417-DF5D93BA1BEB} File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D} File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{C151D79E-E61B-4A90-A887-5A46D38FBA99} File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8} File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{CDBBB3F6-A50E-4B20-A154-5FCBB3BBF43D} File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D} File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8} File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{F199DA35-0A9A-4CE9-8F59-C68524DEBA93} File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\DE-AT@DICTIONARIES.ADDONS.MOZILLA.ORG File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\FB_ADD_ON@AVM.DE File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\IMAGETAB@NEXT.GEN.NZ File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\INFO@YOUTUBE-MP3.ORG File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\LINKALERT.CONLAN@ADDONS.MOZILLA.COM File not found (No name found) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} File not found (No name found) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} File not found (No name found) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} File not found (No name found) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} File not found (No name found) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} File not found (No name found) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.09.21 20:48:15 | 000,065,536 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npfoxitpdf.dll [2010.10.27 14:41:47 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2009.08.03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npOGAPlugin.dll ========== Chrome ========== CHR - homepage: CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aofkhphjhkanpddmfmbckdlcajhnehlf\1.3_0\ CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.1_0\ CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\ CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\ CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\2.1.3_0\ CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.5_0\ CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo\1.0.2_0\ CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjpagcblmlakmpcihopmpfknakkimjdh\0.2_0\ CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0\ CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.9_0\ CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaejidbmkiecgbjeifoejpgmdaleoha\1.7.3.1_0\ CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaejidbmkiecgbjeifoejpgmdaleoha\1.7_0\ CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (no name) - {11111111-1111-1111-1111-110311301136} - No CLSID value found. O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Avast5\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (ExplorerWatcher Class) - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - d:\Programme\Clover\TabHelper64.dll (EJIE Technology) O2 - BHO: (no name) - {11111111-1111-1111-1111-110311301136} - No CLSID value found. O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found. O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Avast5\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AdressLittle] D:\Programme\Adress Little 2.0\ageb.exe (Joachim Stroemer) O4 - HKLM..\Run: [avast] C:\Program Files (x86)\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKCU..\Run: [clipdiary] D:\Programme\Clipdiary\ClipDiary.exe () O4 - HKCU..\Run: [DeskSave] D:\Programme\Desksave\DeskSave.exe () O4 - HKCU..\Run: [MWSnap] C:\Program Files (x86)\MWSnap\MWSnap.exe (Mirek Wojtowicz) O4 - HKCU..\Run: [PureSync] C:\Program Files (x86)\PureSync\PureSyncTray.exe (Jumping Bytes) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ingo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk = D:\Programme\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel) O4 - Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled [2013.10.04 22:15:38 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: add to &BOM - D:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Ingo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ingo\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found O8 - Extra context menu item: add to &BOM - D:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Free YouTube Download - C:\Users\Ingo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ingo\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.7.0_01) O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27B2EBF4-4FE1-4E15-85D3-A92B7F9110BF}: NameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0DE66A5-7F08-4BB9-B55E-D34FE758B7CE}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O28 - HKLM ShellExecuteHooks: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.03.12 23:30:26 | 000,000,000 | ---D | M] - F:\Auto-Shutdown -- [ NTFS ] O32 - AutoRun File - [2010.08.24 20:32:47 | 000,000,000 | ---D | M] - F:\Autoruns -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.10.06 19:30:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ingo\Desktop\OTL.exe [2013.10.06 15:36:08 | 000,000,000 | ---D | C] -- C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2013.10.06 15:35:04 | 000,000,000 | ---D | C] -- C:\Users\Ingo\AppData\Roaming\Dropbox [2013.10.05 18:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.10.02 21:36:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.10.02 20:34:46 | 000,000,000 | ---D | C] -- C:\FRST [2013.10.01 21:14:50 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013.10.01 19:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.10.01 19:30:17 | 000,312,744 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.10.01 19:30:08 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.10.01 19:30:08 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.10.01 19:30:08 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.10.01 19:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2013.10.01 19:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.10.01 19:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.09.28 11:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2013.09.11 22:37:20 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.09.11 22:37:20 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.09.11 22:37:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.09.11 22:37:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.09.11 22:37:17 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.09.11 22:37:17 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.09.11 22:37:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.09.11 22:37:16 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.09.11 22:37:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.09.11 22:37:16 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.09.11 22:37:15 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.09.11 22:37:11 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.09.11 22:37:10 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.09.11 22:37:10 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.09.11 22:37:09 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.09.11 20:29:43 | 000,000,000 | ---D | C] -- C:\Users\Ingo\Desktop\Iris [2013.09.11 20:22:48 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys [2013.09.11 20:20:10 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.09.11 20:20:09 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.09.11 20:20:08 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.09.11 20:20:07 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013.09.11 20:20:06 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.09.11 20:20:04 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.09.11 20:20:02 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.09.11 20:20:01 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.09.11 20:20:01 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.09.11 20:20:00 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.09.11 20:20:00 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.09.11 20:20:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.09.11 20:19:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.09.11 20:19:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.09.11 20:19:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.09.11 20:19:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.09.11 20:19:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.09.11 20:19:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.09.11 20:19:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.09.11 20:19:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.09.11 20:19:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.09.11 20:19:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.09.11 20:19:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.09.11 20:19:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.09.11 20:19:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.09.11 20:19:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.09.11 20:19:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.09.11 20:19:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.09.11 20:19:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.09.11 20:19:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.09.11 20:19:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.09.11 20:19:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.09.11 20:19:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.09.11 20:19:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.09.11 20:19:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.09.11 20:19:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.09.11 20:19:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.09.11 20:19:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.09.11 20:19:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.09.11 20:19:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.09.11 20:19:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.09.11 20:19:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.09.11 20:19:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.09.11 20:19:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.09.11 20:19:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.09.11 20:19:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.09.11 20:19:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.09.11 20:19:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.09.11 20:19:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.09.11 20:19:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.09.11 20:19:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.09.11 20:19:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.09.11 20:19:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.09.11 20:19:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.09.11 20:19:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.09.11 20:19:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.09.11 20:19:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.09.11 20:19:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.09.11 20:19:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.09.11 20:19:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.09.11 20:19:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.09.11 20:19:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.09.11 20:19:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.09.11 20:19:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.09.11 20:19:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.09.11 20:19:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.09.11 20:19:21 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.09.11 20:19:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.09.11 20:19:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.09.11 20:19:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.09.11 20:19:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.09.11 20:19:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.09.11 20:19:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.09.11 20:19:18 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.09.11 20:19:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.09.11 20:19:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll [2013.09.11 20:19:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.09.11 20:16:08 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.09.08 14:11:40 | 000,000,000 | ---D | C] -- C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7 [2010.08.30 22:14:15 | 000,703,352 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files (x86)\autoruns.exe [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.10.06 19:32:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3237284612-487690776-1710373329-1001UA.job [2013.10.06 18:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.10.06 18:44:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.10.06 15:36:33 | 000,001,060 | ---- | M] () -- C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.10.06 13:17:28 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.10.06 13:17:28 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.10.06 13:05:39 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.10.06 13:04:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.10.06 13:04:16 | 3195,211,776 | -HS- | M] () -- C:\hiberfil.sys [2013.10.06 10:19:33 | 000,076,322 | ---- | M] () -- C:\Users\Ingo\Desktop\SystemExplorerDisab.jpg [2013.10.05 16:21:46 | 001,622,004 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.10.05 16:21:46 | 000,700,592 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.10.05 16:21:46 | 000,655,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.10.05 16:21:46 | 000,149,356 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.10.05 16:21:46 | 000,122,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.10.05 12:32:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3237284612-487690776-1710373329-1001Core.job [2013.10.03 13:36:22 | 000,042,359 | ---- | M] () -- C:\Users\Ingo\Desktop\Firefox Startseite wiederherstellen (about_config).jpg [2013.10.02 08:38:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ingo\Desktop\OTL.exe [2013.10.01 20:21:08 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.10.01 19:29:53 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.10.01 19:29:48 | 000,312,744 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.10.01 19:29:48 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.10.01 19:29:47 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.10.01 19:29:44 | 001,095,080 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.10.01 19:29:44 | 000,973,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.10.01 18:45:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013.09.29 08:58:17 | 000,007,680 | ---- | M] () -- C:\Users\Ingo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.09.28 11:41:14 | 000,001,274 | ---- | M] () -- C:\Users\Ingo\Desktop\WebCam.lnk [2013.09.28 11:25:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2013.09.19 19:59:47 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.09.19 19:59:46 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.09.18 19:59:41 | 000,074,253 | ---- | M] () -- C:\Users\Ingo\Desktop\Kleid.jpg [2013.09.12 19:38:19 | 000,569,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.10.06 15:36:33 | 000,001,060 | ---- | C] () -- C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.10.06 10:19:33 | 000,076,322 | ---- | C] () -- C:\Users\Ingo\Desktop\SystemExplorerDisab.jpg [2013.10.03 13:36:22 | 000,042,359 | ---- | C] () -- C:\Users\Ingo\Desktop\Firefox Startseite wiederherstellen (about_config).jpg [2013.10.01 20:11:26 | 000,000,898 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.09.28 11:41:14 | 000,001,274 | ---- | C] () -- C:\Users\Ingo\Desktop\WebCam.lnk [2013.09.18 19:59:41 | 000,074,253 | ---- | C] () -- C:\Users\Ingo\Desktop\Kleid.jpg [2013.07.23 17:02:05 | 000,000,367 | ---- | C] () -- C:\Users\Ingo\Heimnetzgruppe - Verknüpfung.lnk [2013.04.08 18:33:01 | 000,001,464 | ---- | C] () -- C:\Users\Ingo\AppData\Local\recently-used.xbel [2012.08.29 21:34:56 | 000,001,011 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.08.29 21:34:56 | 000,000,159 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.08.29 21:34:36 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.08.29 21:34:36 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7840W.DAT [2012.08.29 21:33:29 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2012.08.29 21:33:29 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2012.08.29 21:33:29 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.08.29 21:33:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2012.08.29 21:33:10 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2012.04.19 20:45:46 | 000,000,000 | ---- | C] () -- C:\Users\Ingo\mm_backup.cfg [2012.03.22 19:36:17 | 000,007,250 | ---- | C] () -- C:\Windows\HCWPNP.INI [2012.03.21 21:29:59 | 000,038,194 | ---- | C] () -- C:\Windows\Irremote.ini [2012.03.21 21:29:33 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI [2012.03.21 21:29:32 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012.03.21 21:29:07 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe [2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2012.01.04 13:28:18 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit_.INI [2011.07.31 14:21:53 | 000,004,096 | -H-- | C] () -- C:\Users\Ingo\AppData\Local\keyfile3.drm [2011.05.21 23:10:58 | 000,000,017 | ---- | C] () -- C:\Users\Ingo\AppData\Local\resmon.resmoncfg [2011.03.21 19:41:21 | 000,001,854 | ---- | C] () -- C:\Users\Ingo\AppData\Roaming\GhostObjGAFix.xml [2011.02.12 21:11:50 | 000,001,478 | ---- | C] () -- C:\Users\Ingo\AppData\Local\RecConfig.xml [2010.10.11 20:41:15 | 000,007,680 | ---- | C] () -- C:\Users\Ingo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.25 21:23:01 | 000,000,970 | ---- | C] () -- C:\Users\Ingo\Windows-EasyTransfer.lnk [2010.08.25 21:23:01 | 000,000,758 | ---- | C] () -- C:\Users\Ingo\autorun.inf ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:D282699C @Alternate Data Stream - 128 bytes -> C:\Windows:nlsPreferences < End of report > Danke und schöne Grüße, imebro |
06.10.2013, 19:08 | #14 |
| Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab Logfile 2: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 06.10.2013 19:31:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ingo\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16686) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 36,15% Memory free 7,93 Gb Paging File | 5,02 Gb Available in Paging File | 63,22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 125,46 Gb Total Space | 48,73 Gb Free Space | 38,84% Space Free | Partition Type: NTFS Drive D: | 88,36 Gb Total Space | 77,89 Gb Free Space | 88,15% Space Free | Partition Type: NTFS Drive F: | 19,53 Gb Total Space | 6,90 Gb Free Space | 35,33% Space Free | Partition Type: NTFS Drive G: | 37,11 Gb Total Space | 11,07 Gb Free Space | 29,84% Space Free | Partition Type: NTFS Drive H: | 14,67 Gb Total Space | 7,92 Gb Free Space | 54,01% Space Free | Partition Type: NTFS Drive X: | 12,76 Gb Total Space | 2,13 Gb Free Space | 16,69% Space Free | Partition Type: NTFS Computer Name: INGOS-LAPTOP | User Name: Ingo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Browse with &IrfanView] -- "D:\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Browse with &IrfanView] -- "D:\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06366168-DAD6-4C6E-80FA-1E89689AA882}" = lport=2869 | protocol=6 | dir=in | app=system | "{074EBFF9-35EB-4B11-BBA0-64EF42217D8C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{198F806B-9732-4A0C-BBB9-591C612A0501}" = lport=138 | protocol=17 | dir=in | app=system | "{1A757C14-7185-4B2D-BA6E-ECDA2F88F7FF}" = lport=139 | protocol=6 | dir=in | app=system | "{1A809390-A4C9-4A7A-93C1-17A5C6337459}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4D303C6E-7A3E-4DC8-A2A9-8FE28D63F765}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4F2E3E09-1F18-43EE-A626-00E28E92A86E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{64F5D961-8FAC-46C6-ACD1-051FD2E398D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6581DF9B-4339-4CC9-AEEC-D672163FDD37}" = lport=137 | protocol=17 | dir=in | app=system | "{680346CE-C737-4A84-A89C-DB6FF8A73D16}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{71904ABB-BC06-4068-A237-343BDC0E7823}" = rport=10243 | protocol=6 | dir=out | app=system | "{719B96B4-4512-4241-8F59-6BB5F58456B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7B52DB5C-CE39-4579-B2C6-E7DB474E3A2F}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | "{7D07B51A-1BE5-44EE-8407-96A372139024}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{815AAF9C-92C9-444D-802A-E53D5B9AE7B4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{84EBC75B-FD34-4F56-AE70-6016D37C1E3C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{855154D1-96DF-498E-BBFA-6C34DCCC42F8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{85FD5620-8316-4E67-8985-416BD3F308C6}" = rport=139 | protocol=6 | dir=out | app=system | "{87B119B7-1FE6-4F1A-B4A7-6777BABE365E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8AA6527B-6FB4-49CB-ADC5-F89E49AA1F1D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9B040E42-784C-4209-9EFB-269C1C44CC8A}" = lport=2869 | protocol=6 | dir=in | app=system | "{A84FE5C1-184A-4B26-9134-396A75848214}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A850FF5C-B389-4C76-AA8F-469E840F3FB7}" = lport=445 | protocol=6 | dir=in | app=system | "{B33F91B8-7279-47C0-B1EC-D39627A35FC7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B5B9E1D6-BE5F-4B62-9B8D-E863C9B954A7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BAC23F8D-6981-4406-BBCC-C137E3F50017}" = rport=445 | protocol=6 | dir=out | app=system | "{BD5FC5E2-84FC-4C40-8ED2-7919FA3C2160}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{C43F2715-742C-46C3-8856-C36FFBB1169E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{CCAA4026-37E8-4A17-97B0-E152346C3490}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D0B6277F-C631-4EB8-8A6C-07E540B6823F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D36D9AC0-B95D-4C37-A17C-F3CE6574B49C}" = lport=10243 | protocol=6 | dir=in | app=system | "{E3142ADE-C50A-490A-B81F-FC6C986C6EB0}" = rport=138 | protocol=17 | dir=out | app=system | "{E93FED5E-49AC-403B-A8E1-D571E161D9FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EDA8D151-7095-40B7-8222-9862A21E8B06}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{F54CD8E5-7C90-4B7A-AAC9-76073BDD10A6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FBD8D561-E344-483F-B904-4C0F181F03DA}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02A46836-0FF8-440A-A33F-8C07E501284E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{09ECBB24-5D36-4837-95E5-65B0FE9AEF42}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{0EC56A15-79C2-4D62-AC51-2D6F4A13E8A2}" = protocol=6 | dir=in | app=f:\treiber mfc-7840w\mflpro\data\disk1\setup.exe | "{21574E57-7113-4A3B-9C64-9B825A57AF7C}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{23B71276-1738-4640-A054-3E47D42B7754}" = protocol=6 | dir=in | app=f:\dhcp-server\dhcpsrv.exe | "{2C14D968-CAAF-4E68-B6B2-DC2CEB4502B6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{31563EB8-10C4-4E11-9468-B174E506EC66}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | "{4195E1BB-9224-4421-9517-21E0EB3D981E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{43F84C40-C6A4-4F9A-834B-1EA35F20F66E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4B086F20-0C84-417F-BE1B-35F627C99949}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{4B68C902-ABE4-4C9F-9E7F-04AFC73E0BF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4C168F4B-9088-4825-B4CA-E229242A78D0}" = protocol=17 | dir=in | app=f:\dhcp-server\dhcpsrv.exe | "{5276215A-A624-42A8-9280-26F2F685852D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{58567428-1EB4-47A0-BA6B-3A6CCEB66D48}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{58CF6643-98BF-4688-9983-C08A5D28ECF9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{58F1A695-F09E-4C88-ADE6-A004444001B0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5F24F9EA-0A09-4309-9CB4-B2B71506EDD1}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl07b\faxrx.exe | "{7076A16A-28A6-4750-AA4E-2B27A7593EF4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{74999CFD-76D8-486D-A511-5C90F74AA5C9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{779D3E59-398A-4481-888C-14801DD84E70}" = protocol=17 | dir=in | app=c:\windows\syswow64\rserver30\rserver3.exe | "{7BFD4E40-8B54-4AB6-A6DF-C24D34A8E0C3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd9\powerdvd9.exe | "{8115DC36-7184-4043-8814-9B36BF45B0E7}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl07b\faxrx.exe | "{842D286C-D1E2-480D-BEF5-022C1575C223}" = protocol=17 | dir=in | app=f:\dhcp-server\dhcpsrv.exe | "{89BED5BC-A0BB-412E-B764-FBA8F732500E}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{8A56E43D-4C9D-4274-B77F-F5E6C201F0AA}" = protocol=6 | dir=in | app=c:\users\ingo\appdata\roaming\dropbox\bin\dropbox.exe | "{8AB8F995-1D76-4F3E-8703-E52B9C3F06D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8D5802AF-899C-4A8D-893E-E3A59823DCE8}" = protocol=6 | dir=in | app=f:\dhcp-server\dhcpsrv.exe | "{972A8B14-A4AB-48DA-9B0C-003F966428FC}" = protocol=17 | dir=in | app=f:\dhcp-server\dhcpsrv.exe | "{9CE5C5AF-114F-4B57-8775-3D4E31D17447}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9EC1A2CD-FA3B-4B09-9102-06104F9931D4}" = protocol=6 | dir=in | app=c:\windows\syswow64\rserver30\rserver3.exe | "{A8C2632C-F5E5-4378-9A11-7FF730550C41}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AC695EE5-7B41-424B-8A94-FF4E4B6551D4}" = protocol=17 | dir=in | app=c:\users\ingo\appdata\roaming\dropbox\bin\dropbox.exe | "{AF536ACB-6A67-4E74-9E26-60939810B411}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B89777F6-9450-4D3D-B312-09D7CBFD9F0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B91BCEEA-2D90-4160-9CAA-0929E42F9935}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BC33EE4C-1B97-423F-B5CD-BBA6AA15C243}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BEDD31F8-E2FD-4CF5-8BA7-916CE18E4FC1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C26AB08B-7AC8-4F52-BFB7-4EC575FAC0BC}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{C97F0BE4-4BEC-4276-BDFE-AC9B013850D8}" = protocol=17 | dir=in | app=f:\treiber mfc-7840w\mflpro\data\disk1\setup.exe | "{CA884448-E191-474F-AD4F-8D21B0B3DA7C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CAB335AC-1636-4F6A-8111-C647C584855E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CDAF3765-266B-4861-8AD2-4CF232EEC860}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | "{D22E2EDA-4D5C-42A5-B64D-BB007AB36609}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{D775D469-94D4-423B-B6F0-0867D7D644AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D8A039E8-0219-4E17-BFB0-2314775F69F7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D9EB1BFE-6404-402F-BDA6-053018ABEDEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E864882B-FD90-4116-B531-091CB86AB4B3}" = protocol=6 | dir=in | app=f:\dhcp-server\dhcpsrv.exe | "{F5AA5E7D-D1D7-4F8A-9864-B7A1B0A5EE9B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F61DA2C0-BED1-4003-B3D8-91D15CF7DD75}" = protocol=6 | dir=out | app=system | "{FB27B6A7-B83D-47C9-A165-126BCFD5E43B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FCC5CDC6-DA1A-4B05-849B-0121CCA67D80}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | "TCP Query User{06903B51-649C-4BAE-9FDB-D7F1B86E39F8}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{388D31BC-FB58-4168-90DC-4C0F0D0298DF}C:\program files (x86)\brother\brmfl07b\faxrx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl07b\faxrx.exe | "TCP Query User{392AA1D8-1F5D-4010-865C-8BD64D0E6B5F}D:\programme\screamer radio\screamer.exe" = protocol=6 | dir=in | app=d:\programme\screamer radio\screamer.exe | "TCP Query User{393F8C24-8EE9-4A86-AB24-F5C6CD94AE93}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{3EAAE2DF-F5E1-4726-B55D-7419A2F0AFDC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{676136DA-377E-4D29-BDC6-D466BB8730F5}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{699FBCAB-CA15-451A-813E-788726B67BDF}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "TCP Query User{724A27DB-0209-4DCC-B710-834245DAB3BF}D:\programme\screamer radio\screamer.exe" = protocol=6 | dir=in | app=d:\programme\screamer radio\screamer.exe | "TCP Query User{76434226-4834-4650-A537-BB2E161E1037}D:\programme\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=d:\programme\atube catcher 2.0\yct.exe | "TCP Query User{8951CB7F-CFE3-499B-847B-BAE19102E85B}C:\users\gast\appdata\roaming\icq\application\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\users\gast\appdata\roaming\icq\application\icq7.2\icq.exe | "TCP Query User{958B0B1B-F7AF-4442-8773-1273D7A84B96}C:\users\gast\appdata\roaming\icq\application\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\users\gast\appdata\roaming\icq\application\icq7.2\icq.exe | "TCP Query User{98BD4E89-938A-4DCD-A157-DE3E9A86ECE3}C:\program files (x86)\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "TCP Query User{A416389E-8594-403A-9EA4-8BCD84DCA489}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "TCP Query User{FE8081C6-8873-41FC-8351-85D416B939DE}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{0D7811D9-4DA4-443F-B9D1-1B8A76702A16}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{2326E0AD-E1D7-4027-80ED-32E79D049D4C}C:\program files (x86)\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "UDP Query User{2B868334-FF07-4643-ACB9-18FF68A9E3DC}C:\users\gast\appdata\roaming\icq\application\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\users\gast\appdata\roaming\icq\application\icq7.2\icq.exe | "UDP Query User{2D816D3E-67DA-49FA-86E0-1F9FDE98F329}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{458F9C4E-517C-4B70-882C-969F08AA0F47}D:\programme\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=d:\programme\atube catcher 2.0\yct.exe | "UDP Query User{506E0B3F-1E27-448C-9CB7-E59AD4D81F9F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{6F3FB105-6EBC-42A3-83F4-D7AB7369AA5A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{9445C9C5-DC66-40E2-87C5-885C34551EFD}D:\programme\screamer radio\screamer.exe" = protocol=17 | dir=in | app=d:\programme\screamer radio\screamer.exe | "UDP Query User{964F3624-B37B-4042-8608-0FFD4B1ACAE3}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "UDP Query User{A17F91D2-1D08-4E4A-AA3D-BE00FF61A687}D:\programme\screamer radio\screamer.exe" = protocol=17 | dir=in | app=d:\programme\screamer radio\screamer.exe | "UDP Query User{A990BA79-211C-4ADA-8BAA-E53FCFF9C758}C:\users\gast\appdata\roaming\icq\application\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\users\gast\appdata\roaming\icq\application\icq7.2\icq.exe | "UDP Query User{BEEFE771-D8DC-4EBA-AFA2-3A12FBD8BD85}C:\program files (x86)\brother\brmfl07b\faxrx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl07b\faxrx.exe | "UDP Query User{C1820C29-D326-4241-ADEE-AC9D480CA1E8}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{E94E6F64-9F15-410E-9307-721056A868DD}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{21ee2cf4-b39a-4456-9137-345405891e36}.sdb" = Meine Ausnahmen "{23170F69-40C1-2702-0930-000001000000}" = 7-Zip 9.30 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417040FF}" = Java 7 Update 40 (64-bit) "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi-Software "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{7F2E5C3B-DBDF-469D-AD8D-F686D3B71176}" = Debugging Tools for Windows (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 270.61 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 270.61 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{D86BF639-AFA1-462A-AB44-593F71A4D7E2}" = O&O SafeErase "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "CCleaner" = CCleaner "CPUID CPU-Z_is1" = CPUID CPU-Z 1.58 "Defraggler" = Defraggler "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "GIMP-2_is1" = GIMP 2.8.4 "lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket "MediaCoder x64" = MediaCoder x64 0.8.17 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "ProInst" = Intel PROSet Wireless "REAPER" = REAPER (x64) "Recuva" = Recuva "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SpeedCommander 13 (x64)" = SpeedCommander 13 (x64) "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeraCopy_is1" = TeraCopy 2.27 "Unlocker" = Unlocker 1.9.0-x64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0A07E5D2-DAFB-42A9-8927-05C5F8E35F1A}" = Serif PagePlus 11 "{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}" = Microsoft Application Compatibility Toolkit 5.6 "{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12 "{1C943495-B69F-4D41-AE0E-23C57ECD90EE}" = Debugging Tools for Windows "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2517B7EA-6C03-4D86-A1B1-F3FE1C3BC03B}" = Radmin Viewer 3.4 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D4FEB69-2D56-42FA-9854-B47C53B398A3}_is1" = Serif PagePlus 11 - Installer "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1" = Classic Menu 3.x for Office 2007 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite MFC-7840W "{48BCA9A6-1D2A-4E4B-BB55-F82A888CE344}" = Garmin POI Loader "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{55718B4B90B54F7EADC5621C750A14E6}" = DivX Author 1.5 "{5979B77A-9AE6-4E75-AED8-283C5E16C02D}_is1" = Backup Service Home 3.4.4.1 "{5B5A4F65-E053-4F25-0001-73D921B41131}" = QuickConvert Video "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AA4C799-BF98-4573-9C83-0C8E4EA46D14}" = Manual CanoScan LiDE 35 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6BF1780B-36EA-432B-9451-DD84FF5C9D52}" = Radmin Server 3.1 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6D3C6846-CDB6-418F-8FDB-DA21FE064F86}" = YAMAHA Musicsoft Downloader 5 "{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{751F6A0B-FDEC-47B6-B45D-7A1AE742A87A}" = SlimDrivers "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{96A9A1C8-FBAD-4703-ABF1-E93AA8FE85A0}_is1" = Artweaver Free 3.0 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR "{A7595B3A-6EB9-46BA-AB80-E020963D30C3}" = AquaSoft SnapTip "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{AA2E6BFE-4351-481C-A720-47CB3506570B}" = ACDSee 8 "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.10.29 "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player "{AD80049E-8CB4-4794-BF58-4A2834CFD37C}" = PureSync "{AEB61F7A-4BBA-4292-A096-7893E09034A4}" = Steuer-Spar-Erklärung 2013 "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9 "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CCB71FF8-DE82-469C-8641-44378F4443EB}" = Garmin WebUpdater "{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012 "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU "{D3FD74FE-BF2C-46E3-B708-8FBF535364A1}" = tango solo "{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution "{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7 "{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}" = Adobe Shockwave Player 11.6 "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "Adress Little 2.0_is1" = Adress Little 2.0 "Any Video Converter_is1" = Any Video Converter 3.0.7 "Ashampoo Burning Studio 2013_is1" = Ashampoo Burning Studio 2013 v.11.0.5 "aTube Catcher" = aTube Catcher "Audacity_is1" = Audacity 2.0.3 "avast" = avast! Free Antivirus "Biet-O-Matic v2.14.6" = Biet-O-Matic v2.14.6 "Clipdiary" = Clipdiary 1.4 "Clover" = Clover 3.0 "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "DivX Setup.divx.com" = DivX-Setup "ERUNT_is1" = ERUNT 1.1j "EVEREST Corporate Edition_is1" = EVEREST Corporate Edition v5.02 "Exifer_is1" = Exifer "FormatFactory" = FormatFactory 2.60 "Fotosizer" = Fotosizer 1.37 "Foxit Reader_is1" = Foxit Reader "Free CD Ripper_is1" = Free CD Ripper V2.0 "Free FLV Converter_is1" = Free FLV Converter V 6.92.0 "Free Video to JPG Converter_is1" = Free Video to JPG Converter version 5.0.21.1212 "Free Word/Doc Txt to Image Jpg/Jpeg Bmp Tiff Png~F15BC2F8_is1" = Free Word/Doc Txt to Image Jpg/Jpeg Bmp Tiff Png Converter 5.6 "Free YouTube Download_is1" = Free YouTube Download version 3.0.18.1123 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "FreePDF_XP" = FreePDF (Remove only) "Glary Registry Repair_is1" = Glary Registry Repair 3.3.0.852 "GPL Ghostscript 8.71" = GPL Ghostscript 8.71 "ImgBurn" = ImgBurn "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare "IrfanView" = IrfanView (remove only) "KaloMa_is1" = KaloMa 4.72 "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.22 "LAME_is1" = LAME v3.99.3 (for Windows) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "MediaCoder x64" = MediaCoder x64 0.7.3.4685 "Mozilla Firefox 24.0 (x86 de)" = Mozilla Firefox 24.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.55a "MWSnap 3" = MWSnap 3 "No23 Recorder" = No23 Recorder "Notepad++" = Notepad++ "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Personal Backup 5_is1" = Personal Backup 5.4 "Prism" = Prism Videodatei-Konverter "ProInst" = Intel PROSet Wireless "PureSync" = PureSync 3.7.6 "Revo Uninstaller" = Revo Uninstaller 1.92 "Scribus 1.4.1" = Scribus 1.4.1 "Secunia PSI" = Secunia PSI (2.0.0.3001) "SopCast" = SopCast 3.5.0 "SuperMailer_is1" = SuperMailer 5.71 "System Explorer_is1" = System Explorer 3.9.0 "UltraSearch_is1" = UltraSearch V1.7.1 "Uninstall_is1" = Uninstall 1.0.0.1 "VideoPad" = VideoPad Video Editor "VLC media player" = VLC media player 2.1.0 "WinLiveSuite_Wave3" = Windows Live Essentials "Winmail Opener" = Winmail Opener 1.4 "WinMend Folder Hidden_is1" = WinMend Folder Hidden 1.4.1 "Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.72 "WOW Slider_is1" = WOW Slider "xampp" = XAMPP 1.7.7 "Xenu's Link Sleuth" = Xenu's Link Sleuth "Yahoo! Messenger" = Yahoo! Messenger ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "AquaSoft SnapTip" = AquaSoft SnapTip "Dropbox" = Dropbox "FileZilla Client" = FileZilla Client 3.7.3 "Google Chrome" = Google Chrome "PhotoFiltre 7" = PhotoFiltre 7 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.10.2013 04:19:46 | Computer Name = Ingos-Laptop | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Ingo\Desktop\Trojanerboard Hilfen\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.10.2013 04:24:53 | Computer Name = Ingos-Laptop | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Ingo\Desktop\Trojanerboard Hilfen\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.10.2013 06:52:25 | Computer Name = Ingos-Laptop | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.10.2013 07:02:11 | Computer Name = Ingos-Laptop | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Ingo\Desktop\Trojanerboard Hilfen\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.10.2013 07:23:43 | Computer Name = Ingos-Laptop | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Ingo\Desktop\Wartung\Trojanerboard Hilfen\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 04.10.2013 16:14:57 | Computer Name = Ingos-Laptop | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Ingo\Desktop\Wartung\Trojanerboard Hilfen\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 05.10.2013 05:06:51 | Computer Name = Ingos-Laptop | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Ingo\Desktop\Wartung\Trojanerboard Hilfen\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 05.10.2013 11:29:53 | Computer Name = Ingos-Laptop | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Ingo\Desktop\Wartung\Trojanerboard Hilfen\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 06.10.2013 09:37:38 | Computer Name = Ingos-Laptop | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Die Anwendung oder der Dienst "Windows-Explorer" konnte nicht heruntergefahren werden. Error - 06.10.2013 13:30:21 | Computer Name = Ingos-Laptop | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Ingo\Desktop\Wartung\Trojanerboard Hilfen\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. [ Backup Service Home Events ] Error - 06.12.2012 12:47:04 | Computer Name = Ingos-Laptop | Source = BackupServiceHome | ID = 7 Description = "G:\Personal-Backup-Ingo\LwC\Users\Ingo\Desktop\WEB\Websitebaker (WFP)\WBPortable_2.8.3_(Rev.1638)_DE - Version 3.6.12\htdocs\wbdemo\modules\fckeditor\fckeditor\editor\filemanager\browser\default\images\icons\cs.gif" wurde aufgrund Problem (Der angegebene Pfad und/oder Dateiname ist zu lang. Der vollständig qualifizierte Dateiname muss kürzer als 260 Zeichen und der Pfadname kürzer als 248 Zeichen sein.) nicht gesichert. Error - 06.12.2012 12:47:04 | Computer Name = Ingos-Laptop | Source = BackupServiceHome | ID = 7 Description = "G:\Personal-Backup-Ingo\LwC\Users\Ingo\Desktop\WEB\Websitebaker (WFP)\WBPortable_2.8.3_(Rev.1638)_DE - Version 3.6.12\htdocs\wbdemo\modules\fckeditor\fckeditor\editor\filemanager\browser\default\images\icons\js.gif" wurde aufgrund Problem (Der angegebene Pfad und/oder Dateiname ist zu lang. Der vollständig qualifizierte Dateiname muss kürzer als 260 Zeichen und der Pfadname kürzer als 248 Zeichen sein.) nicht gesichert. Error - 06.12.2012 12:47:05 | Computer Name = Ingos-Laptop | Source = BackupServiceHome | ID = 39 Description = "G:\Personal-Backup-Ingo\LwC\Users\Ingo\Desktop\WEB\Websitebaker (WFP)\WBPortable_2.8.3_(Rev.1638)_DE - Version 3.6.12\htdocs\wbdemo\temp\compiled\J-\WBPortable_2.8.3_(Rev.1638)_DE - Version 13.5.12\htdocs\wbdemo\modules\flex_table\htt\backend.body.htt.d17.php.gz" konnte nicht in die Sicherung aufgenommen werden. Die Dateiattribute konnten nicht ausgelesen werden (Der angegebene Pfad und/oder Dateiname ist zu lang. Der vollständig qualifizierte Dateiname muss kürzer als 260 Zeichen und der Pfadname kürzer als 248 Zeichen sein.). Error - 06.12.2012 12:47:05 | Computer Name = Ingos-Laptop | Source = BackupServiceHome | ID = 39 Description = "G:\Personal-Backup-Ingo\LwC\Users\Ingo\Desktop\WEB\Websitebaker (WFP)\WBPortable_2.8.3_(Rev.1638)_DE - Version 3.6.12\htdocs\wbdemo\temp\compiled\J-\WBPortable_2.8.3_(Rev.1638)_DE - Version 13.5.12\htdocs\wbdemo\modules\flex_table\htt\backend.table.edit.htt.d17.php.gz" konnte nicht in die Sicherung aufgenommen werden. Die Dateiattribute konnten nicht ausgelesen werden (Der angegebene Pfad und/oder Dateiname ist zu lang. Der vollständig qualifizierte Dateiname muss kürzer als 260 Zeichen und der Pfadname kürzer als 248 Zeichen sein.). Error - 06.12.2012 12:47:05 | Computer Name = Ingos-Laptop | Source = BackupServiceHome | ID = 39 Description = "G:\Personal-Backup-Ingo\LwC\Users\Ingo\Desktop\WEB\Websitebaker (WFP)\WBPortable_2.8.3_(Rev.1638)_DE - Version 3.6.12\htdocs\wbdemo\temp\compiled\J-\WBPortable_2.8.3_(Rev.1638)_DE - Version 13.5.12\htdocs\wbdemo\modules\flex_table\htt\backend.table.list.htt.d17.php.gz" konnte nicht in die Sicherung aufgenommen werden. Die Dateiattribute konnten nicht ausgelesen werden (Der angegebene Pfad und/oder Dateiname ist zu lang. Der vollständig qualifizierte Dateiname muss kürzer als 260 Zeichen und der Pfadname kürzer als 248 Zeichen sein.). Error - 06.12.2012 12:47:05 | Computer Name = Ingos-Laptop | Source = BackupServiceHome | ID = 39 Description = "G:\Personal-Backup-Ingo\LwC\Users\Ingo\Desktop\WEB\Websitebaker (WFP)\WBPortable_2.8.3_(Rev.1638)_DE - Version 3.6.12\htdocs\wbdemo\temp\compiled\J-\WBPortable_2.8.3_(Rev.1638)_DE - Version 15.5.12\htdocs\wbdemo\modules\flex_table\htt\1\DE\error.htt.d17.php.gz" konnte nicht in die Sicherung aufgenommen werden. Die Dateiattribute konnten nicht ausgelesen werden (Der angegebene Pfad und/oder Dateiname ist zu lang. Der vollständig qualifizierte Dateiname muss kürzer als 260 Zeichen und der Pfadname kürzer als 248 Zeichen sein.). Error - 06.12.2012 12:47:08 | Computer Name = Ingos-Laptop | Source = BackupServiceHome | ID = 39 Description = "G:\Personal-Backup-Ingo\LwC\Users\Ingo\Desktop\WEB\Websitebaker (WFP)\WBPortable_2.8.3_(Rev.1638)_DE - Version 31.5.12\htdocs\wbdemo\temp\compiled\J-\WBPortable_2.8.3_(Rev.1638)_DE - Version 13.5.12\htdocs\wbdemo\modules\flex_table\htt\backend.body.htt.d17.php.gz" konnte nicht in die Sicherung aufgenommen werden. Die Dateiattribute konnten nicht ausgelesen werden (Der angegebene Pfad und/oder Dateiname ist zu lang. Der vollständig qualifizierte Dateiname muss kürzer als 260 Zeichen und der Pfadname kürzer als 248 Zeichen sein.). Error - 06.12.2012 12:47:08 | Computer Name = Ingos-Laptop | Source = BackupServiceHome | ID = 39 Description = "G:\Personal-Backup-Ingo\LwC\Users\Ingo\Desktop\WEB\Websitebaker (WFP)\WBPortable_2.8.3_(Rev.1638)_DE - Version 31.5.12\htdocs\wbdemo\temp\compiled\J-\WBPortable_2.8.3_(Rev.1638)_DE - Version 13.5.12\htdocs\wbdemo\modules\flex_table\htt\backend.table.edit.htt.d17.php.gz" konnte nicht in die Sicherung aufgenommen werden. Die Dateiattribute konnten nicht ausgelesen werden (Der angegebene Pfad und/oder Dateiname ist zu lang. Der vollständig qualifizierte Dateiname muss kürzer als 260 Zeichen und der Pfadname kürzer als 248 Zeichen sein.). Error - 06.12.2012 12:47:08 | Computer Name = Ingos-Laptop | Source = BackupServiceHome | ID = 39 Description = "G:\Personal-Backup-Ingo\LwC\Users\Ingo\Desktop\WEB\Websitebaker (WFP)\WBPortable_2.8.3_(Rev.1638)_DE - Version 31.5.12\htdocs\wbdemo\temp\compiled\J-\WBPortable_2.8.3_(Rev.1638)_DE - Version 13.5.12\htdocs\wbdemo\modules\flex_table\htt\backend.table.list.htt.d17.php.gz" konnte nicht in die Sicherung aufgenommen werden. Die Dateiattribute konnten nicht ausgelesen werden (Der angegebene Pfad und/oder Dateiname ist zu lang. Der vollständig qualifizierte Dateiname muss kürzer als 260 Zeichen und der Pfadname kürzer als 248 Zeichen sein.). Error - 06.12.2012 12:47:08 | Computer Name = Ingos-Laptop | Source = BackupServiceHome | ID = 39 Description = "G:\Personal-Backup-Ingo\LwC\Users\Ingo\Desktop\WEB\Websitebaker (WFP)\WBPortable_2.8.3_(Rev.1638)_DE - Version 31.5.12\htdocs\wbdemo\temp\compiled\J-\WBPortable_2.8.3_(Rev.1638)_DE - Version 15.5.12\htdocs\wbdemo\modules\flex_table\htt\1\DE\error.htt.d17.php.gz" konnte nicht in die Sicherung aufgenommen werden. Die Dateiattribute konnten nicht ausgelesen werden (Der angegebene Pfad und/oder Dateiname ist zu lang. Der vollständig qualifizierte Dateiname muss kürzer als 260 Zeichen und der Pfadname kürzer als 248 Zeichen sein.). [ Hewlett-Packard Events ] Error - 04.10.2010 14:07:05 | Computer Name = Ingos-Laptop | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101004080701.xml File not created by asset agent Error - 02.01.2011 08:35:30 | Computer Name = Ingos-Laptop | Source = Hewlett-Packard | ID = 0 Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. HP.ActiveSupportLibrary bei HP.ActiveSupportLibrary.Issues.HPSFSession.?() Error - 24.01.2011 12:23:37 | Computer Name = Ingos-Laptop | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011124052334.xml File not created by asset agent Error - 21.03.2011 13:41:20 | Computer Name = Ingos-Laptop | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031121064116.xml File not created by asset agent Error - 21.03.2011 13:41:23 | Computer Name = Ingos-Laptop | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031121064120.xml File not created by asset agent Error - 21.03.2011 13:45:28 | Computer Name = Ingos-Laptop | Source = Hewlett-Packard | ID = 0 Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. HP.ActiveSupportLibrary bei HP.ActiveSupportLibrary.Issues.HPSFSession.?() Error - 11.04.2011 11:53:02 | Computer Name = Ingos-Laptop | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041111055259.xml File not created by asset agent [ System Events ] Error - 04.10.2013 13:39:16 | Computer Name = Ingos-Laptop | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Windows Search" wurde nicht richtig gestartet. Error - 04.10.2013 13:43:59 | Computer Name = Ingos-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.159.1395.0) Error - 05.10.2013 04:08:17 | Computer Name = Ingos-Laptop | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Windows Update" wurde nicht richtig gestartet. Error - 05.10.2013 05:07:50 | Computer Name = Ingos-Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 05.10.2013 06:49:05 | Computer Name = Ingos-Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 06.10.2013 03:16:12 | Computer Name = Ingos-Laptop | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Windows Update" wurde nicht richtig gestartet. < End of report > Danke und schöne Grüsse, imebro |
07.10.2013, 09:33 | #15 |
/// the machine /// TB-Ausbilder | Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen TabFixen mit OTL
Code:
ATTFilter :OTL O4 - Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled [2013.10.04 22:15:38 | 000,000,000 | ---D | M]
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab |
4d36e972-e325-11ce-bfc1-08002be10318, adw-cleaner, antivirus, appdatalow, avast, bingbar, browser, converter, cpu-z, defender, desktop, flash player, installation, internet explorer, monitor, mp3, plug-in, plugin, preferences, programm, pup.optional.hdvidcodec.a, pup.optional.iminent, pup.optional.iminent.a, pup.optional.sweetim.a, registrierungsdatenbank, registry, revo uninstaller, secunia psi, security, svchost.exe, vista, windows 7 64-bit |