| |
| |||||||
Log-Analyse und Auswertung: Vista Home Premium SP2: Fehlermeldung bei Aufruf von allen exe-Dateien: "xxx.exe - Ungültiges Bild"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
09.11.2013, 17:25
| #1 |
 |  Vista Home Premium SP2: Fehlermeldung bei Aufruf von allen exe-Dateien: "xxx.exe - Ungültiges Bild" Seit zwei Tagen erscheint beim Öffnen jeder exe-Datei die Fehlermeldung "[Name].exe - Ungültiges Bild". Nach Wegklicken der Meldung mit "OK" öffnet sich die gewählte Anwendung offensichtlich normal. Beim Booten des PC erscheinen nacheinander so ca. 20 bis 30 Meldungen der automatisch gestarteten Prgramme, was enstsprechend lange dauert, da alle Meldungen manuell bestätigt werden müssen. Die ganze (exemplarische) Meldung lautet: "SnippingTool.exe - Ungültiges Bild c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll ist entweder nicht für die Ausführung unter Windows vorgesehen oder enthält einen Fehler. Installieren Sie das Programm mit den Originalinstallationsmedien erneut, oder wenden Sie sich an den Systemadministrator oder Softwarelieferanten, um Unterstützung zu erhalten." Darüber hinaus bekomme ich seit einiger Zeit häufig eine Meldung vom Norton Protection Center, dass der Phishing Schutz nicht in Ordnung sei. Nach manueller Aktivierung ist das Problem in der Regel erstmal wieder weg, taucht aber nach einer gewissen Zeit wieder auf. Das Norton Protection Center hat ansonsten keine weiteren Probleme beim wöchentlichen kompletten Scan gemeldet. Als erste Reaktion habe ich versucht eine Systemwiederherstellung durchzuführen - erfolglos. Anschließend habe ich mal einen Check mit Malwarebyte gemacht, wo auch einige Funde protokolliert wurden (siehe Logfile), mit denen ich aber nichts anfangen kann. MBAM Logfile: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.11.07.11 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Ralf :: AKOYA [Administrator] Schutz: Aktiviert 08.11.2013 00:25:58 MBAM-log-2013-11-08 (07-50-03).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 661787 Laufzeit: 3 Stunde(n), 20 Minute(n), 26 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 57 HKCR\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} (PUP.Optional.Delta) -> Keine Aktion durchgeführt. HKCR\escort.escortIEPane.1 (PUP.Optional.Delta) -> Keine Aktion durchgeführt. HKCR\escort.escortIEPane (PUP.Optional.Delta) -> Keine Aktion durchgeführt. HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Keine Aktion durchgeführt. HKCR\delta.deltaHlpr.1 (PUP.Optional.Delta) -> Keine Aktion durchgeführt. HKCR\delta.deltaHlpr (PUP.Optional.Delta) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Keine Aktion durchgeführt. HKCR\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. HKCR\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta) -> Keine Aktion durchgeführt. HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta) -> Keine Aktion durchgeführt. HKCR\esrv.deltaESrvc.1 (PUP.Optional.Delta) -> Keine Aktion durchgeführt. HKCR\esrv.deltaESrvc (PUP.Optional.Delta) -> Keine Aktion durchgeführt. HKCR\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. HKCR\esrv.BabylonESrvc.1 (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. HKCR\esrv.BabylonESrvc (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\delta.deltadskBnd.1 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\delta.deltadskBnd (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. HKCR\b (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\Typelib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. HKCR\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. HKCR\delta.deltaappCore.1 (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. HKCR\delta.deltaappCore (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. HKCR\bbylnApp.appCore.1 (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. HKCR\bbylnApp.appCore (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} (PUP.Optional.Delta) -> Keine Aktion durchgeführt. HKCR\d (PUP.Optional.Delta) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt. HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Keine Aktion durchgeführt. HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Delta\delta\Instl (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 6 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Daten: Delta Toolbar -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Daten: -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta.A) -> Daten: -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=94BC00FF6A903013&affID=121565&tsp=5017 -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Daten: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Keine Aktion durchgeführt. HKCU\Software\Delta\delta|lastB (PUP.Optional.Delta.A) -> Daten: hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=94BC00FF6A903013&affID=121565&tsp=5017 -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 1 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage.A) -> Bösartig: (hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=94BC00FF6A903013&affID=121565&tsp=5017) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 12 C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Roaming\BabSolution\CR (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt. C:\Program Files\Delta\delta\1.8.24.6 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Program Files\Delta\delta\1.8.24.6\bh (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Roaming\OpenCandy\A7AF1B7A6743404495A3ED0A1CEC2B60 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.24.6 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. Infizierte Dateien: 53 C:\Program Files\Delta\delta\1.8.24.6\bh\delta.dll (PUP.Optional.Delta) -> Keine Aktion durchgeführt. C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. C:\Program Files\Delta\delta\1.8.24.6\deltasrv.exe (PUP.Optional.Delta) -> Keine Aktion durchgeführt. C:\Program Files\Delta\delta\1.8.24.6\deltaTlbr.dll (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. C:\Program Files\Delta\delta\1.8.24.6\deltaApp.dll (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. C:\Program Files\Delta\delta\1.8.24.6\deltaEng.dll (PUP.Optional.Delta) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\5259.tmp (PUP.Optional.PerformerSoft.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\9+AuE2RV.exe.part (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\CEA1.tmp (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\gBBcSi6q.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\8859515.Uninstall\uninstall.exe.vir (Adware.Agent) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\BA8D7863-BAB0-7891-A4D3-6D5A0210A95A\MyBabylonTB.exe (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\BA8D7863-BAB0-7891-A4D3-6D5A0210A95A\Setup.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\FD00A178-BAB0-7891-B72A-FBFCC0F93487\MyBabylonTB.exe (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\FD00A178-BAB0-7891-B72A-FBFCC0F93487\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\FD00A178-BAB0-7891-B72A-FBFCC0F93487\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\FD00A178-BAB0-7891-B72A-FBFCC0F93487\Latest\ccp.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\FD00A178-BAB0-7891-B72A-FBFCC0F93487\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\FD00A178-BAB0-7891-B72A-FBFCC0F93487\Latest\DSearchLink.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\FD00A178-BAB0-7891-B72A-FBFCC0F93487\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\FD00A178-BAB0-7891-B72A-FBFCC0F93487\Latest\MyBabylonTB.exe (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\FD00A178-BAB0-7891-B72A-FBFCC0F93487\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\FD00A178-BAB0-7891-B72A-FBFCC0F93487\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\is-GT7U7.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\is-RU66G.tmp\funmoods.exe (PUP.FunMoods) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\is1590112554\IWantThis_IC_V3_ROW.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Temp\is1590112554\MyBabylonTB.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Roaming\OpenCandy\A7AF1B7A6743404495A3ED0A1CEC2B60\DeltaTB.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\Downloads\FreeYouTubeToMP3Converter.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\Ralf\Downloads\musicconvertersetup.exe.vir (Adware.Agent) -> Keine Aktion durchgeführt. C:\Users\Ralf\Downloads\winamp561_full_emusic-7plus_de-de.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\Ralf\Downloads\wirelessnetview.zip (PUP.WirelessNetworkTool) -> Keine Aktion durchgeführt. C:\Windows\System32\roboot.exe (PUP.Optional.PCPerformer.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\funmoods.crx (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Roaming\BabSolution\CR\Delta.crx (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Roaming\BabSolution\Shared\chu.js (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Roaming\BabSolution\Shared\Delta.ico (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt. C:\Users\Ralf\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt. C:\Program Files\Delta\delta\1.8.24.6\GUninstaller.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Program Files\Delta\delta\1.8.24.6\uninstall.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. (Ende) defogger Logfile: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:38 on 09/11/2013 (Ralf)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
Addition Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013 Ran by Ralf at 2013-11-09 12:43:37 Running from C:\Users\Ralf\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) "Nero SoundTrax Help (Version: 4.0.15.0) Adobe Flash Player 11 ActiveX (Version: 11.9.900.117) Adobe Flash Player 11 Plugin (Version: 11.9.900.117) Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8) Adobe Shockwave Player 12.0 (Version: 12.0.0.112) Advertising Center (Version: 0.0.0.1) Amazon MP3-Downloader 1.0.17 (Version: 1.0.17) AppCore (Version: 1.3) Apple Application Support (Version: 2.3.6) Apple Mobile Device Support (Version: 7.0.0.117) Apple Software Update (Version: 2.1.3.127) Audible Download Manager (Version: 6.6.0.15) Avery Wizard 3.1 (Version: 3.1.10) AviSynth 2.5 AVM FRITZ!fax für FRITZ!Box Babylon toolbar on IE Bewerbungsfoto-/Passbild-Generator v3.5a Bing Bar (Version: 7.2.241.0) Bonjour (Version: 3.0.0.10) Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.4.0.9) Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.3.0.8) Canon driver for DR-C125 (Version: 1.0.4309) Canon G.726 WMP-Decoder (Version: 1.1.0.4) CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.3.1.5) Canon Internet Library for ZoomBrowser EX (Version: 1.5.1.4) Canon MovieEdit Task for ZoomBrowser EX (Version: 2.4.0.14) Canon RAW Image Task for ZoomBrowser EX (Version: 2.6.0.13) Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.7.0.8) Canon Utilities ZoomBrowser EX (Version: 5.8.0.74) CaptureOnTouch Evernote Plugin (Version: 1.2.11005) CaptureOnTouch Google Docs(TM) Plugin (Version: 1.1.4311) ccCommon (Version: 107.0.0.102) CCleaner (Version: 4.06) CDDRV_Installer (Version: 4.60) Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000) Component Framework (Version: 2006.1.3.35) Conduit Engine (Version: 6.3.3.3) ConvertHelper 2.2 cyberJack Base Components (Version: 6.8.0) CyberLink PowerDVD (Version: 7.3.5105.0) DDBAC (Version: 04.02.0000) DDBAC (Version: 5.3.1) Delta Chrome Toolbar Delta toolbar (Version: 1.8.24.6) Deutsche Post E-Porto (Version: 2.3.0) DirSync 2.95 DolbyFiles (Version: 2.0) DR-C125 CaptureOnTouch (Version: 2.3.111.1014) DR-C125 UserManual (Version: 1.04.0000) Dropbox (HKCU Version: 2.4.2) Duden Home (Version: 10.0.0) DVDVideoSoft Toolbar (Version: ) eCopy PDF Pro Office (Version: 7.10.3290) EPSON TWAIN 5 (Version: 5.71.0000) Evernote v. 4.6 (Version: 4.6.0.7670) Firebird SQL Server - MAGIX Edition (Version: 2.0.1.8) FormatFactory 2.90 (Version: 2.90) Free Download Manager 3.9.2 Free YouTube to MP3 Converter version 3.12.12.827 (Version: 3.12.12.827) FreeCommander 2009.02b (Version: 2009.02) Freemake Video Converter Version 3.0.2 (Version: 3.0.2) funScreenScraping Client Version (Version: 1.0.173) funScreenScraping Microsoft Systemdateien (Version: 1.0.6) Gigaset QuickSync (Version: 7.2.0844.6) Google Desktop (Version: -) Google Earth Plug-in (Version: 7.1.1.1888) Google Toolbar for Internet Explorer (Version: 1.0.0) Google Toolbar for Internet Explorer (Version: 7.5.4601.54) Google Update Helper (Version: 1.3.21.165) Hardcopy (C:\Program Files\Hardcopy) (Version: 2011.08.26) HD Tune 2.55 HDClone 4.2 Standard Edition (Version: 4.2) HP FWUpdateEDO2 (Version: 1.2.0.0) HP Officejet Pro 8100 - Grundlegende Software für das Gerät (Version: 28.0.1321.0) HP Officejet Pro 8100 Hilfe (Version: 28.0.0) HP Update (Version: 5.003.003.001) HPDiagnosticAlert (Version: 1.00.0000) HPV Solo 2010 (Version: 10.8.0) iCloud (Version: 2.1.2.8) ImagXpress (Version: 7.0.74.0) Inkscape 0.48.4 (Version: 0.48.4) inSSIDer 2.0 (Version: 2.0.7) INSTAR Camera Tool (Version: 2.0.1.0) InstarVision 1.3 (Version: 1.3) Intel(R) Matrix Storage Manager Intel(R) PRO Network Connections 12.2.41.0 (Version: 12.2.41.0) Intel(R) PRO Network Connections Drivers Intel® Viiv™ Software (Version: 1.7.512.0) IPCamClient (Version: 1.0.0.10) IrfanView (remove only) (Version: 4.32) iTunes (Version: 11.1.3.8) J2SE Runtime Environment 5.0 Update 12 (Version: 1.5.0.120) JAP (Version: 00.12.005) Java 7 Update 45 (Version: 7.0.450) Java Auto Updater (Version: 2.1.9.8) Java(TM) 6 Update 20 (Version: 6.0.200) Java(TM) 6 Update 21 (Version: 6.0.210) Java(TM) 6 Update 6 (Version: 1.6.0.60) Java(TM) 6 Update 7 (Version: 1.6.0.70) JavaFX 2.1.1 (Version: 2.1.1) KhalInstallWrapper (Version: 4.60.122) Letstrade (Version: 1.00.0000) Lexware Info Service (Version: 2.70.00.0081) Lexware online banking (Version: 12.00.00.0043) Lexware online banking 4.90 (Version: 4.90) LiveUpdate (Symantec Corporation) (Version: 3.4.0.162) LiveUpdate (Symantec Corporation) (Version: 3.4.0.164) Logitech SetPoint (Version: 4.60) Logitech Updater (Version: 1.70) MAGIX MP3 Maker 12 8.2.1.238 (D) (Version: 8.2.1.238) MAGIX Online Druck Service 2.3.2.0 (D) (Version: 2.3.2.0) MakeDisc (Version: 3.0.2203) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) maxdome Download Manager 4.1.300.78 (Version: 4.1.30078) MCE Software Encoder 1.1 (Version: 1.1.0.1918) MediaShow (Version: 3.0.4325) Mediencenter 3.7.0.2204 (HKCU Version: 3.7.0.2204) Mediencenter Assistent (Version: 2.7.0.1451) MEDIONbox (Version: 1.09.0000.00050) Memeo Instant Backup (Version: 4.60.0.7943) Menu Templates - Starter Kit (Version: 9.0.4.0) Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (Version: 12.0.4518.1014) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2833941) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000) Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319) Movie Templates - Starter Kit (Version: 9.0.4.0) Mozilla Firefox 25.0 (x86 de) (Version: 25.0) Mozilla Maintenance Service (Version: 25.0) MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0) MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0) MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0) MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (Version: 4.30.2100.0) NAVIGON Fresh 1.4.9 (Version: 1.4.9) NAVIGON Fresh BETA 2.6.0 (Version: 2.6.0) Nero 9 Nero Burning ROM Help (Version: 9.2.2.100) Nero BurnRights (Version: 2.99.6.100) Nero ControlCenter (Version: 0.0.0.1) Nero ControlCenter (Version: 9.0.0.1) Nero CoverDesigner (Version: 4.2.4.100) Nero CoverDesigner Help (Version: 4.2.2.100) Nero Disc Copy Gadget (Version: 2.2.7.0) Nero Disc Copy Gadget Help (Version: 2.2.7.0) Nero DiscSpeed (Version: 4.99.5.105) Nero DriveSpeed (Version: 3.99.5.105) Nero Express Help (Version: 9.2.2.100) Nero InfoTool (Version: 5.99.5.105) Nero Installer (Version: 2.0.0.1) Nero Live (Version: 1.2.4.0) Nero Live Help (Version: 1.0.162.0) Nero PhotoSnap (Version: 1.53.2.0) Nero PhotoSnap Help (Version: 1.53.2.0) Nero Recode (Version: 3.53.0.0) Nero Recode Help (Version: 3.53.0.0) Nero Rescue Agent (Version: 1.99.0.1) Nero RescueAgent Help (Version: 1.99.0.1) Nero ShowTime (Version: 4.99.0.0) Nero StartSmart (Version: 9.2.7.100) Nero StartSmart Help (Version: 9.2.4.100) Nero Vision (Version: 0.0.0.2) Nero Vision (Version: 6.2.6.100) Nero WaveEditor (Version: 5.2.5.0) Nero WaveEditor Help (Version: 5.0.15.0) NeroBurningROM (Version: 9.2.6.100) NeroExpress (Version: 9.2.6.100) NeroLiveGadget (Version: 1.0.8.100) NeroLiveGadget Help (Version: 1.0.6.100) neroxml (Version: 1.0.0) Network Printer Wizard (Version: 1.0.0.6) Nitro PDF Reader 2 (Version: 2.1.1.3) Norton AntiVirus (Version: 15.0.0.58) Norton AntiVirus Help (Version: 15.0) Norton Confidential Core (Version: 2.0.0.84) Norton Internet Security (Version: 15.0.0.60) Norton Internet Security Online (Symantec Corporation) (Version: 15.0.0.60) Norton Protection Center (Version: 3.1.0.I can not have a major version greater than 255) Norton Security Scan (Symantec Corporation) (Version: 2.0.0) Norton Security Scan (Version: 2.0.0) NPS - Nolte Collection / Horizont Edition 4.0.30 (NP) (Version: 4.00.0030) NSU (Version: 1.00.1000) NVIDIA Display Control Panel (Version: 6.14.11.9745) NVIDIA Drivers (Version: 1.10.59.37) ocxinstall (Version: 1.0.0.32) OnlineFotoservice PaperPort Image Printer (Version: 1.00.0000) PaperPort SharePoint Link (Version: 12.000.0001) Paragon Partition Manager 8.5 Personal PDFCreator (Version: 0.9.6) PDFCreator Toolbar (Version: 3.3.0.1) PhotoNow! 1.0 (Version: 3.0.4310) Picasa 3 (Version: 3.9) PixiePack Codec Pack (Version: 1.1.1200.0) Play Movie (Version: BD+HD 1.5.3307.0) PlayMemories Home (Version: 6.3.00.04221) PowerDirector (Version: 6.5.2209a) PowerProducer PVSonyDll (Version: 1.00.0001) Quicken 2008 - ServicePack 2 (Version: 15.05.0711) Quicken 2008 (Version: 15.00.00.00) Quicken 2012 (Version: 19.36.00.0165) Quicken Deluxe 2008 (Version: 15.00.00.00) Quicken Import Export Server 2008 (Version: 15.0.1.1) Quicken Import Export Server 2012 (Version: 19.30.00.0134) QuickImmobilie 2013 - Hotfix 1 (Version: 13.01) QuickImmobilie 2013 (Version: 13.0.0) QuickTime (Version: 7.74.80.86) Radiotracker (Version: 6.2.13700.0) Readiris Pro 10 RealPlayer Realtek High Definition Audio Driver (Version: 6.0.1.5470) Recuva (Version: 1.44) Rossmann Fotoservice Samsung CLX-3170 Series ScanSoft OmniPage SE 4 (Version: 15.2.0020) ScanSoft PaperPort 11 (Version: 11.2.0000) Scansoft PDF Professional Sceneo AbsolutTV SD Formatter (Version: 2.9.5) Servicepack Datumsaktualisierung (Version: 1.00.00.0005) Skype™ 6.3 (Version: 6.3.105) SmarThru 4 SmarThru PC Fax SmartTools Publishing • Word Falz & Lochmarken-Assistent (Version: v7.00) SMPlayer 0.7.0 (Version: 0.7.0) SoundTrax (Version: 4.2.5.0) SPBBC 32bit (Version: 4.0.0.134) StreamTransport version: 1.0.2.2171 swMSM (Version: 12.0.0.1) Symantec Real Time Storage Protection Component (Version: 10.2.2.6) SymNet (Version: 8.0.3.4) TeamViewer 8 (Version: 8.0.20935) Text-To-Speech-Runtime (Version: 1.0.0.0) T-Home Dialerschutz-Software TreeSize Free V2.4 (Version: 2.4) TV Enhance (Version: 1.0.4619) TVsweeper (Version: 3.0.5) Ulead PhotoImpact 12 (Version: 12.0) Uninstall 1.0.0.1 Unity Web Player (HKCU Version: ) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) VCRedistSetup (Version: 1.0.0) Videoload Manager 2.0.2220 (Version: 2.0.2220) VLC media player 2.0.8 (Version: 2.0.8) WEB.DE Online-Speicher 1.5.1807.0 (HKCU Version: 1.5.1807.0) Wertpapieranalyse 2008 (Version: 1.00.0000) Windows Media Player Firefox Plugin (Version: 1.0.0.8) Windows Mobile-Gerätecenter (Version: 6.0.6783.0) Windows Mobile-Gerätecenter: Treiberupdate (Version: 6.0.6783.0) Winload Toolbar (Version: 6.3.3.3) WinRAR 4.00 (32-Bit) (Version: 4.00.0) X10 Hardware(TM) ZDFmediathek Version 2.1.6 ==================== Restore Points ========================= 19-10-2013 02:30:33 Geplanter Prüfpunkt 20-10-2013 10:27:18 Geplanter Prüfpunkt 21-10-2013 18:31:29 INSTAR Camera Tool wurde entfernt. 21-10-2013 18:34:41 Removed Instar Camera Tool. 24-10-2013 05:20:41 Geplanter Prüfpunkt 26-10-2013 19:15:02 Installed Java 7 Update 45 29-10-2013 14:40:36 INSTAR Camera Tool wurde installiert. 30-10-2013 22:40:27 Geplanter Prüfpunkt 31-10-2013 19:14:43 Geplanter Prüfpunkt 01-11-2013 18:54:30 Geplanter Prüfpunkt 08-11-2013 07:37:47 Wiederherstellungsvorgang 08-11-2013 07:48:07 Wiederherstellungsvorgang 08-11-2013 20:30:53 Wiederherstellungsvorgang ==================== Hosts content: ========================== 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {045913E0-0D88-4E88-B14C-7F44CDB30F98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-20] (Google Inc.) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-19] (Microsoft Corporation) Task: {454516B5-18D1-4BBC-A990-6A347DE07BD5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-20] (Google Inc.) Task: {64090134-083B-439F-A294-A6B3A47F4484} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated) Task: {7B7781F9-F443-4560-9CEF-BA60B0AAE1F3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd) Task: {7B9C349F-4811-43A0-9139-A64DC3B09DB6} - System32\Tasks\NeroLiveEpgUpdate-Akoya_Ralf => C:\Program Files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-10-27] (Nero AG) Task: {84DC2DB2-5AF9-4684-9099-8B5BBBB227CC} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {D1D5A558-7D73-48E9-A847-70A3FC382BAD} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Ralf => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) Task: {D24D0FC2-7A8C-4C6F-AB80-0B22CE8108A0} - System32\Tasks\EPUpdater => C:\Users\Ralf\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-08-04] () Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-05] () Task: {E82B3598-363E-4C63-A8E4-98DD34EC4E71} - System32\Tasks\Searchya => C:\Users\Ralf\AppData\Roaming\Searchya\UPDATE~1\UPDATE~1.EXE Task: {F434BB12-E7AC-4313-A377-7BCF7E27C2E0} - System32\Tasks\Norton Internet Security Online - Systemprüfung ausführen - Ralf => C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27] (Symantec Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\NeroLiveEpgUpdate-Akoya_Ralf.job => C:\Program Files\Nero\Nero 9\Nero Live\NeroLive.exe Task: C:\Windows\Tasks\Norton Internet Security Online - Systemprüfung ausführen - Ralf.job => C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe Task: C:\Windows\Tasks\Searchya.job => C:\Users\Ralf\AppData\Roaming\Searchya\UPDATE~1\UPDATE~1.EXE ==================== Loaded Modules (whitelisted) ============= 2011-04-23 21:55 - 2011-03-02 11:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll 2010-05-28 20:16 - 2008-06-26 03:45 - 00155648 _____ () C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll 2010-05-28 20:16 - 2008-06-26 03:46 - 01384520 _____ () C:\Windows\twain_32\Samsung\CLX3170\ssole.dll 2010-05-28 20:16 - 2008-06-26 03:45 - 00367104 _____ () C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll 2007-10-22 13:03 - 2007-10-19 16:42 - 00114780 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLSchMgr.dll 2007-10-22 13:03 - 2007-10-19 16:42 - 00032768 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll 2007-10-22 13:03 - 2007-10-19 16:42 - 00245858 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll 2007-10-22 13:03 - 2007-10-19 16:42 - 00339968 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLTinyDB.dll 2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2011-12-24 12:14 - 2011-07-01 11:46 - 00806912 _____ () C:\Program Files\Medion AG\NSU\LIBEAY32.dll 2009-05-01 16:58 - 2009-05-01 16:58 - 01057512 _____ () C:\Program Files\maxdome\DCBin\PocoFoundation.dll 2009-05-01 16:58 - 2009-05-01 16:58 - 00627944 _____ () C:\Program Files\maxdome\DCBin\PocoNet.dll 2009-05-01 16:58 - 2009-05-01 16:58 - 00514352 _____ () C:\Program Files\maxdome\DCBin\sqlite3.dll 2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\Ralf\AppData\Roaming\Dropbox\bin\libcef.dll 2011-09-28 01:47 - 2011-09-28 01:47 - 02890976 _____ () C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll 2011-09-28 01:47 - 2011-09-28 01:47 - 00025824 _____ () C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll 2011-09-28 01:48 - 2011-09-28 01:48 - 00028672 _____ () C:\Program Files\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll 2010-04-05 19:52 - 2010-04-05 19:52 - 00504293 _____ () C:\Program Files\Memeo\AutoBackup\sqlite3.dll 2011-09-28 01:48 - 2011-09-28 01:48 - 00114688 _____ () C:\Program Files\Memeo\AutoBackup\de-DE\Memeo.Client.UI.resources.dll 2011-12-13 20:41 - 2011-12-13 20:41 - 00006144 _____ () C:\Users\Ralf\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\CoreTempReader.dll 2011-12-13 20:41 - 2011-12-13 20:41 - 00008704 _____ () C:\Users\Ralf\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\GetCoreTempInfoNET.dll 2011-12-13 20:41 - 2011-12-13 20:41 - 00007680 _____ () C:\Users\Ralf\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\SystemInfo.dll 2013-08-17 13:06 - 2013-10-30 10:36 - 03368048 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:0574215C AlternateDataStreams: C:\ProgramData\TEMP:7311BB85 AlternateDataStreams: C:\ProgramData\TEMP:7631EA83 AlternateDataStreams: C:\ProgramData\TEMP:D95ACC7D AlternateDataStreams: C:\Users\Ralf\Documents\Produce_0.mpg:TOC.WMV ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SolutoService => ""="Service" ==================== Faulty Device Manager Devices ============= Name: 802.11 n/g/b Wireless LAN USB Adapter Description: 802.11 n/g/b Wireless LAN USB Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: AzureWave Technologies, Inc. Service: netr28u Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (11/09/2013 00:25:45 PM) (Source: Windows Search Service) (User: ) Description: Eintrag <C:\USERS\RALF\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\README.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (11/09/2013 00:25:45 PM) (Source: Windows Search Service) (User: ) Description: Eintrag <C:\USERS\RALF\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\README.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (11/09/2013 00:25:44 PM) (Source: Windows Search Service) (User: ) Description: Eintrag <C:\USERS\RALF\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (11/09/2013 00:25:44 PM) (Source: Windows Search Service) (User: ) Description: Eintrag <C:\USERS\RALF\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (11/09/2013 00:25:44 PM) (Source: Windows Search Service) (User: ) Description: Eintrag <C:\USERS\RALF\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD-HILFE.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (11/09/2013 00:25:44 PM) (Source: Windows Search Service) (User: ) Description: Eintrag <C:\USERS\RALF\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD-HILFE.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (11/09/2013 00:25:43 PM) (Source: Windows Search Service) (User: ) Description: Eintrag <C:\USERS\RALF\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD DEINSTALLIEREN.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (11/09/2013 00:25:43 PM) (Source: Windows Search Service) (User: ) Description: Eintrag <C:\USERS\RALF\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD DEINSTALLIEREN.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (11/09/2013 00:25:42 PM) (Source: Windows Search Service) (User: ) Description: Eintrag <C:\USERS\RALF\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\ONLINE-REGISTRIERUNG.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (11/09/2013 00:25:42 PM) (Source: Windows Search Service) (User: ) Description: Eintrag <C:\USERS\RALF\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\ONLINE-REGISTRIERUNG.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) System errors: ============= Error: (11/09/2013 00:11:45 PM) (Source: Service Control Manager) (User: ) Description: DgiVecp%%20 Error: (11/09/2013 00:01:37 PM) (Source: Service Control Manager) (User: ) Description: Intel(R) Viiv(TM) Media Server%%2147549183 Error: (11/09/2013 00:01:36 PM) (Source: Service Control Manager) (User: ) Description: DgiVecp%%20 Error: (11/09/2013 00:00:49 PM) (Source: Print) (User: NT-AUTORITÄT) Description: Der Druckspooler konnte den Drucker Samsung CLX-3170 Series nicht unter dem Namen CLX3170 freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden. Error: (11/09/2013 00:00:32 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 09.11.2013 um 11:05:40 unerwartet heruntergefahren. Error: (11/09/2013 10:53:10 AM) (Source: Service Control Manager) (User: ) Description: DgiVecp%%20 Error: (11/09/2013 10:51:26 AM) (Source: Service Control Manager) (User: ) Description: Intel(R) Viiv(TM) Media Server%%2147549183 Error: (11/09/2013 10:51:21 AM) (Source: Service Control Manager) (User: ) Description: DgiVecp%%20 Error: (11/09/2013 10:49:40 AM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 09.11.2013 um 10:47:58 unerwartet heruntergefahren. Error: (11/09/2013 10:40:42 AM) (Source: Service Control Manager) (User: ) Description: DgiVecp%%20 Microsoft Office Sessions: ========================= Error: (05/26/2013 10:15:59 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 594 seconds with 420 seconds of active time. This session ended with a crash. Error: (01/26/2013 10:57:54 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 18, Application Name: Picture Manager, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 61 seconds with 60 seconds of active time. This session ended with a crash. Error: (01/26/2013 10:56:38 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 18, Application Name: Picture Manager, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. Error: (01/26/2013 10:52:50 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 18, Application Name: Picture Manager, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 68 seconds with 60 seconds of active time. This session ended with a crash. Error: (10/15/2012 07:41:35 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1163 seconds with 780 seconds of active time. This session ended with a crash. Error: (10/11/2012 11:38:01 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 789 seconds with 600 seconds of active time. This session ended with a crash. Error: (10/03/2012 11:29:30 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5081 seconds with 840 seconds of active time. This session ended with a crash. Error: (09/06/2012 01:57:51 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1098 seconds with 240 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-11-08 03:33:11.869 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-08 03:33:11.632 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-08 03:33:11.404 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-08 03:33:11.170 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-08 03:33:10.946 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-08 03:33:10.707 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-08 03:33:10.477 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-08 03:33:10.249 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-08 03:33:10.001 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-08 03:33:09.702 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 67% Total physical RAM: 3325.45 MB Available physical RAM: 1067.38 MB Total Pagefile: 6859.93 MB Available Pagefile: 4439.11 MB Total Virtual: 2047.88 MB Available Virtual: 1898.01 MB ==================== Drives ================================ Drive c: (BOOT) (Fixed) (Total:445.76 GB) (Free:31.5 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (RECOVER) (Fixed) (Total:19.99 GB) (Free:6.31 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 2BAB359D) Partition 1: (Active) - (Size=446 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended) ==================== End Of Log ============================ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Ralf (administrator) on AKOYA on 09-11-2013 12:40:36
Running from C:\Users\Ralf\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(REINER SCT) C:\Windows\system32\cjpcsc.exe
() C:\Program Files\CPUCooL\CooLSrv.exe
(T-Systems International GmbH) C:\Program Files\T-Online\Dialerschutz-Software\DFInject.exe
() C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
(Empolis GmbH) c:\program files\common files\gnab\service\servicecontroller.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Empolis GmbH) C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Deutsche Telekom AG) C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Nitro PDF Software) C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
() C:\Program Files\Generic\Network Printer Wizard\NPWService.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\eCopy PDF Pro Office\PDFProFiltSrv.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Entriq, Inc.) C:\Program Files\maxdome\DCBin\DCService.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Buhl Data Service GmbH) C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
(X10) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
(Apple Inc.) C:\AirPrint\airprint.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
() C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(ODSoft multimedia) C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(T-Systems International GmbH) C:\Program Files\T-Online\Dialerschutz-Software\Defender.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
(Cyberlink Corp.) C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe
(CyberLink Corp.) C:\Program Files\HomeCinema\PlayMovie\PMVService.exe
(CyberLink Corp.) C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(cyberlink) C:\Program Files\CyberLink\Shared Files\brs.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Canon Electronics Inc.) C:\Program Files\Canon Electronics\DRC125\TouchDR.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\eCopy PDF Pro Office\PdfPro7Hook.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Medion AG\NSU\NSU.exe
(1&1 Mail & Media GmbH) C:\Users\Ralf\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe
(Audible, Inc.) C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
() C:\Program Files\maxdome\DCBin\DCTrayApp.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Dropbox, Inc.) C:\Users\Ralf\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TVBroadcast] - C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe [797696 2007-08-07] (ODSoft multimedia)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-08-17] (Realtek Semiconductor)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [178712 2007-10-08] (Intel Corporation)
HKLM\...\Run: [NMSSupport] - C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [439512 2007-06-27] (Intel Corporation)
HKLM\...\Run: [CCUTRAYICON] - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [215256 2007-06-27] (Intel(R) Corporation)
HKLM\...\Run: [toolbar_eula_launcher] - C:\Program Files\GoogleEULA\EULALauncher.exe [16896 2007-02-09] ( )
HKLM\...\Run: [Logitech Hardware Abstraction Layer] - C:\Windows\KHALMNPR.Exe [76304 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdc.exe [563080 2007-01-24] (Microsoft Corporation)
HKLM\...\Run: [ccApp] - C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE [51048 2008-10-17] (Symantec Corporation)
HKLM\...\Run: [T-Home Dialerschutz-Software] - C:\Program Files\T-Online\Dialerschutz-Software\Defender.exe [1411720 2010-03-29] (T-Systems International GmbH)
HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [606208 2009-10-13] ()
HKLM\...\Run: [3170 Scan2PC] - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe [503808 2009-06-11] ()
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.Exe [76304 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [WinampAgent] - "C:\Program Files\Winamp\winampa.exe"
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [AllShareAgent] - C:\Program Files\Samsung\AllShare\AllShareAgent.exe
HKLM\...\Run: [RemoteControl] - C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe [87336 2008-07-21] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] - C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe [62760 2008-05-14] ()
HKLM\...\Run: [PlayMovie] - C:\Program Files\HomeCinema\PlayMovie\PMVService.exe [172032 2007-09-07] (CyberLink Corp.)
HKLM\...\Run: [TVEService] - C:\Program Files\HomeCinema\TV Enhance\TVEService.exe [155648 2007-10-19] (CyberLink Corp.)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [220160 2007-11-30] (Google)
HKLM\...\Run: [BDRegion] - C:\Program Files\CyberLink\Shared Files\brs.exe [75048 2009-03-18] (cyberlink)
HKLM\...\Run: [Memeo Instant Backup] - C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-09-28] (Memeo Inc.)
HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [339312 2010-09-15] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [PMBVolumeWatcher] - C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724536 2012-04-22] (Sony Corporation)
HKLM\...\Run: [CANON DR-C125 SVC] - rundll32.exe DRDCSVC.DLL,EntryPointUserMessage
HKLM\...\Run: [DR-C125 CaptureOnTouch] - C:\Program Files\Canon Electronics\DRC125\TouchDR.exe [942080 2011-10-17] (Canon Electronics Inc.)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe [79136 2007-11-13] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2009-03-02] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2009-03-02] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\eCopy PDF Pro Office\PdfPro7Hook.exe [1766688 2011-03-17] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF7 Registry Controller] - C:\Program Files\Nuance\eCopy PDF Pro Office\RegistryController.exe [138528 2011-03-17] (Nuance Communications, Inc.)
HKLM\...\Run: [PdfProInboxMonitor] - C:\Program Files\Nuance\eCopy PDF Pro Office\InboxMonitor.exe [114176 2011-03-17] ()
HKLM\...\Run: [InboxMonitor] - C:\Program Files\Nuance\eCopy PDF Pro Office\InboxMonitor.exe [114176 2011-03-17] ()
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Runonce: [Del1282546] - cmd.exe /Q /D /c del "C:\Users\Ralf\AppData\Local\Temp\0.del"
HKLM\...\Runonce: [Del1369875] - cmd.exe /Q /D /c del "C:\Users\Ralf\AppData\Local\Temp\0.del"
HKCU\...\Run: [NSU] - C:\Program Files\Medion AG\NSU\NSU.exe [1789440 2011-10-20] ()
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-19] (Google Inc.)
HKCU\...\Run: [ISUSPM] - -scheduler
HKCU\...\Run: [WEB.DE Application {sync-000021}] - C:\Users\Ralf\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe [873472 2013-08-27] (1&1 Mail & Media GmbH)
HKCU\...\Runonce: [Del1282546] - cmd.exe /Q /D /c del "C:\Users\Ralf\AppData\Local\Temp\0.del"
HKCU\...\Runonce: [Del1369875] - cmd.exe /Q /D /c del "C:\Users\Ralf\AppData\Local\Temp\0.del"
MountPoints2: {cf9ab83c-9f22-11dc-8fd3-806e6f6e6963} - H:\wubi.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Gast\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\IUSR_NMPR(427)\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\IUSR_NMPR(427)\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\IUSR_NMPR(427)\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
HKU\IUSR_NMPR(427)\...\Run: [STAMPIT-Tray] - C:\Program Files\STAMPIT\Binary\Stray.exe
HKU\IUSR_NMPR(427)\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2009-02-19] (Google Inc.)
HKU\IUSR_NMPR(427)\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [ 2008-01-19] (Microsoft Corporation)
AppInit_DLLs: c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll l C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [ 2013-10-22] ()
Startup: C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ralf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8100\bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchya.com/?f=1&a=syd91&cd=2XzuyEtN2Y1L1QzutDtDtC0DzytBtBzyyDyE0Dzzzzzzzz0DtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFyCtFtCtDzyyBtN1L1Czu0D0S1L2Z1P1B&cr=2008227580&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://search.babylon.com/?affID=110000&tt=060612_8_&babsrc=HP_ss&mntrId=94bc888d0000000000000015af43f830
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=94BC00FF6A903013&affID=121565&tsp=5017
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchya.com/?f=1&a=syd91&cd=2XzuyEtN2Y1L1QzutDtDtC0DzytBtBzyyDyE0Dzzzzzzzz0DtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFyCtFtCtDzyyBtN1L1Czu0D0S1L2Z1P1B&cr=2008227580&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
URLSearchHook: HKLM - (No Name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File
URLSearchHook: HKLM - (No Name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No File
URLSearchHook: HKCU - (No Name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File
URLSearchHook: HKCU - (No Name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No File
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=syd91&cd=2XzuyEtN2Y1L1QzutDtDtC0DzytBtBzyyDyE0Dzzzzzzzz0DtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFyCtFtCtDzyyBtN1L1Czu0D0S1L2Z1P1B&cr=2008227580&ir=
SearchScopes: HKLM - Backup.Old.DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
SearchScopes: HKLM - {58A627FC-1F8A-DA9C-07D8-7A105CFA2436} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzutDtDtC0DzytBtBzyyDyE0Dzzzzzzzz0DtN0D0TzutBtDtCtBtDyCtCyB&cr=1115120715
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=syd91&cd=2XzuyEtN2Y1L1QzutDtDtC0DzytBtBzyyDyE0Dzzzzzzzz0DtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFyCtFtCtDzyyBtN1L1Czu0D0S1L2Z1P1B&cr=2008227580&ir=
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=syd91&cd=2XzuyEtN2Y1L1QzutDtDtC0DzytBtBzyyDyE0Dzzzzzzzz0DtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFyCtFtCtDzyyBtN1L1Czu0D0S1L2Z1P1B&cr=2008227580&ir=
SearchScopes: HKCU - Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {07ED6460-6CD1-CBE8-7310-036F23E665C4} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=110000&tt=060612_8_&babsrc=SP_ss&mntrId=94bc888d0000000000000015af43f830
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=syd91&cd=2XzuyEtN2Y1L1QzutDtDtC0DzytBtBzyyDyE0Dzzzzzzzz0DtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFyCtFtCtDzyyBtN1L1Czu0D0S1L2Z1P1B&cr=2008227580&ir=
SearchScopes: HKCU - {58A627FC-1F8A-DA9C-07D8-7A105CFA2436} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=94BC00FF6A903013&affID=121565&tsp=5017
SearchScopes: HKCU - {95D50E48-C1BF-4774-9693-8AD26DA5B4EC} URL = hxxp://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKCU - {E7DD2489-B144-47AC-9244-14600FFEF907} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=9M&apn_dtid=OSJ000&apn_uid=E5CA3136-0D7A-439B-A331-DF8813EAA9C3&apn_sauid=F6EC950B-0A6F-4136-81AF-3DEBB8FE5FEE
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO: No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
BHO: No Name - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No File
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\eCopy PDF Pro Office\bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: No Name - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Norton-Symbolleiste anzeigen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - No Name - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File
Toolbar: HKLM - No Name - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No File
Toolbar: HKLM - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - Norton-Symbolleiste anzeigen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
Toolbar: HKCU - No Name - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - No File
Toolbar: HKCU - No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} hxxp://www.nero.com/doc/NeroVersionCheckerControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.2.62:92/codebase/DVM_IPCam2.ocx
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://tonline.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} https://img.web.de/v/mail/activex/fa_os_mms/upload_1141.cab
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Generic\Network Printer Wizard\NPWprint.dll [151552] (Elite Silicon Technology Inc.)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\b85l1wqd.default
FF user.js: detected! => C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\b85l1wqd.default\user.js
FF NewTab: hxxp://www.searchgol.com/?babsrc=NT_ss&mntrId=94BC00FF6A903013&affID=121565&tsp=5017
FF DefaultSearchEngine: SearchYa!
FF SearchEngineOrder.1: SearchYa!
FF SelectedSearchEngine: SearchYa!
FF Homepage: hxxp://www.searchya.com/?f=1&a=syd91&cd=2XzuyEtN2Y1L1QzutDtDtC0DzytBtBzyyDyE0Dzzzzzzzz0DtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFyCtFtCtDzyyBtN1L1Czu0D0S1L2Z1P1B&cr=2008227580&ir=
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @fluxdvd.com/NPWMDRMWrapper - C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll ( )
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF Plugin: @protectdisc.com/NPMPDRM - C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin: @real.com/nppl3260;version=6.0.11.2768 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2826 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1578 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: ZEON/PDF,version=2.0 - C:\Program Files\Nuance\eCopy PDF Pro Office\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Ralf\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\b85l1wqd.default\searchplugins\BitGuard.xml
FF SearchPlugin: C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\b85l1wqd.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\b85l1wqd.default\searchplugins\funmoods.xml
FF SearchPlugin: C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\b85l1wqd.default\searchplugins\Search.xml
FF SearchPlugin: C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\b85l1wqd.default\searchplugins\SearchYa!.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Delta Toolbar - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\b85l1wqd.default\Extensions\ffxtlbr@delta.com
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\b85l1wqd.default\Extensions\ich@maltegoetz.de
FF Extension: No Name - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\b85l1wqd.default\Extensions\staged
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\b85l1wqd.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Nuova scheda - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\b85l1wqd.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}
FF Extension: DownloadHelper - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\b85l1wqd.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: CSHelper - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\b85l1wqd.default\Extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473}
FF Extension: fdm_ffext - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\b85l1wqd.default\Extensions\fdm_ffext@freedownloadmanager.org
FF Extension: nuance - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\b85l1wqd.default\Extensions\nuance@pdf7
FF Extension: No Name - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\b85l1wqd.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Adblock Plus - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\b85l1wqd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter
========================== Services (Whitelisted) =================
R2 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [223448 2007-06-27] (Intel(R) Corporation)
R2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [243064 2007-08-31] (Symantec Corporation)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation)
R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [654640 2009-04-15] (REINER SCT)
R2 CLTNetCnService; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation)
S3 comHost; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [55640 2007-08-22] (Symantec Corporation)
R2 CPUCooLServer; C:\Program Files\CPUCooL\CooLSrv.exe [743936 2011-12-01] ()
R2 DFSVC; C:\Program Files\T-Online\Dialerschutz-Software\DFInject.exe [288768 2009-10-21] (T-Systems International GmbH)
S3 DHTRACE; C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [39640 2007-06-27] (Intel(R) Corporation)
R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2007-02-12] ()
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-13] (Empolis GmbH)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [69120 2007-11-30] (Google)
R2 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [59096 2007-06-27] (Intel(R) Corporation)
S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2008-05-02] (Logitech, Inc.)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [3192184 2007-08-23] (Symantec Corporation)
R2 LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation)
S2 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [268504 2007-06-27] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [157912 2007-06-27] (Intel(R) Corporation)
R2 MCSWASVR; C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [12800 2011-11-23] (Deutsche Telekom AG)
R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-09-28] (Memeo)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [196904 2011-12-20] (Nitro PDF Software)
R2 NMSCore; C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [317656 2007-06-27] (Intel(R) Corporation)
R2 NPWService; C:\Program Files\Generic\Network Printer Wizard\NPWService.exe [462848 2008-09-17] ()
R2 PDFProFiltSrv; C:\Program Files\Nuance\eCopy PDF Pro Office\PDFProFiltSrv.exe [134432 2011-03-17] (Nuance Communications, Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474168 2012-04-22] (Sony Corporation)
R2 Prosieben; C:\Program Files\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
R2 QualityManager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [272600 2007-06-27] (Intel(R) Corporation)
R2 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [446680 2007-06-27] (Intel(R) Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1681408 2007-08-16] (Buhl Data Service GmbH)
S3 Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [1251720 2008-05-20] ()
R2 TVECapSvc; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [290909 2007-10-19] ()
R2 TVESched; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [114779 2007-10-19] ()
S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG)
R2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10)
R2 AirPrint; C:\AirPrint\airprint.exe -R _ipp._tcp,_universal -s [x]
==================== Drivers (Whitelisted) ====================
R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [1006816 2009-09-24] (NXP Semiconductors Germany GmbH)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [23040 2008-02-17] (REINER SCT)
S3 COH_Mon; C:\Windows\system32\Drivers\COH_Mon.sys [23888 2008-07-30] (Symantec Corporation)
R2 CO_Mon; C:\Windows\system32\drivers\CO_Mon.sys [36056 2007-08-09] (Symantec Corporation)
S3 cpuz135; C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [21992 2012-03-21] (CPUID)
S3 DectEnum; C:\Windows\System32\Drivers\DectEnum.sys [8448 2005-03-01] (Siemens AG)
R3 DFSYS; C:\Program Files\T-Online\Dialerschutz-Software\DFSYS.SYS [14624 2009-10-15] (T-Systems International GmbH)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-03-25] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-27] (Symantec Corporation)
U3 EraserUtilDrv11311; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [108120 2013-09-04] (Symantec Corporation)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. )
S3 GigasetGenericUSB; C:\Windows\System32\DRIVERS\GigasetGenericUSB.sys [44032 2009-02-20] (Siemens Home and Office Communication Devices GmbH & Co. KG)
S3 Gigusb; C:\Windows\System32\Drivers\Gigusb.sys [53632 2005-03-01] (Siemens AG)
R0 hotcore3; C:\Windows\System32\drivers\hotcore3.sys [38448 2007-04-24] (Paragon Software Group)
S3 HRCMPA; C:\Windows\System32\DRIVERS\hrcmpa.sys [263751 2004-09-08] (SIEMENS AG)
R1 IDSvix86; C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20131106.001\IDSvix86.sys [286328 2011-10-17] (Symantec Corporation)
R3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2007-10-15] (Intel Corporation)
S3 IUAPIWDM; C:\Windows\System32\DRIVERS\IUAPIWDM.sys [50759 2004-09-08] (SIEMENS AG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-11-09] (Malwarebytes Corporation)
R3 MirayVirtualDisk; C:\Windows\System32\DRIVERS\mvd.sys [168016 2013-05-12] (Miray)
R3 NAVENG; C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20131108.018\NAVENG.SYS [93272 2013-09-04] (Symantec Corporation)
R3 NAVEX15; C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20131108.018\NAVEX15.SYS [1612376 2013-09-04] (Symantec Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [554496 2007-09-21] (Ralink Technology Corp.)
R2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [5376 2007-02-18] (Gteko Ltd.)
S3 siellif; C:\Windows\System32\Drivers\siellif.sys [113408 2005-03-01] (Siemens AG)
R3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH)
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [447024 2008-09-05] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [279088 2007-11-30] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [317616 2007-11-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2007-11-30] (Symantec Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2007-08-13] (Samsung Electronics)
R3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [13616 2009-02-19] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124464 2009-01-09] (Symantec Corporation)
R3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [96560 2009-02-19] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [24112 2009-02-19] (Symantec Corporation)
R3 SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [41008 2009-02-19] (Symantec Corporation)
R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [22320 2009-02-19] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [184496 2009-02-19] (Symantec Corporation)
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-11-11] (TeamViewer GmbH)
S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [14552 2007-06-27] ()
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\HomeCinema\PlayMovie\000.fcl [41456 2007-10-11] (Cyberlink Corp.)
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files\HomeCinema\PowerDVD\000.fcl [87536 2009-03-18] (CyberLink Corp.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 dsltestSp5; System32\Drivers\dsltestSp5.sys [x]
S3 EST_BusEnum; system32\DRIVERS\GenBus.sys [x]
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [43904 2009-02-18] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-09 12:40 - 2013-11-09 12:40 - 00000000 ____D C:\FRST
2013-11-09 12:38 - 2013-11-09 12:38 - 00000444 _____ C:\Users\Ralf\Desktop\defogger_disable.log
2013-11-09 12:36 - 2013-11-09 12:36 - 00000000 _____ C:\Users\Ralf\defogger_reenable
2013-11-09 12:35 - 2013-11-09 12:35 - 01089445 _____ (Farbar) C:\Users\Ralf\Desktop\FRST.exe
2013-11-09 12:35 - 2013-11-09 12:35 - 00377856 _____ C:\Users\Ralf\Desktop\gmer_2.1.19163.exe
2013-11-09 12:35 - 2013-11-09 12:35 - 00050477 _____ C:\Users\Ralf\Desktop\Defogger.exe
2013-11-09 12:31 - 2013-11-09 12:31 - 00000000 ____D C:\Program Files\iMesh Applications
2013-11-09 12:21 - 2013-11-09 12:21 - 00000288 _____ C:\Windows\Tasks\Searchya.job
2013-11-09 12:21 - 2013-11-09 12:20 - 00358440 _____ C:\Users\Ralf\AppData\Local\searchya-speeddial.crx
2013-11-09 12:20 - 2013-11-09 12:26 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\searchya
2013-11-09 12:19 - 2013-11-09 12:19 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\DigitalSite
2013-11-09 12:16 - 2013-11-09 12:38 - 00000000 ____D C:\Users\Ralf\Downloads\AAAAAAAAAAAAAAAA
2013-11-09 12:11 - 2013-11-09 12:11 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-11-09 12:01 - 2013-11-09 12:01 - 00000020 ___SH C:\Users\TEMP\ntuser.ini
2013-11-09 12:01 - 2013-11-09 12:01 - 00000000 _SHDL C:\Users\TEMP\Startmenü
2013-11-09 12:01 - 2013-11-09 12:01 - 00000000 _SHDL C:\Users\TEMP\Netzwerkumgebung
2013-11-09 12:01 - 2013-11-09 12:01 - 00000000 _SHDL C:\Users\TEMP\Druckumgebung
2013-11-09 12:01 - 2013-11-09 12:01 - 00000000 _SHDL C:\Users\TEMP\Documents\Eigene Musik
2013-11-09 12:01 - 2013-11-09 12:01 - 00000000 _SHDL C:\Users\TEMP\Documents\Eigene Bilder
2013-11-09 12:01 - 2013-11-09 12:01 - 00000000 _SHDL C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-09 12:01 - 2013-11-09 12:01 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Verlauf
2013-11-09 12:01 - 2013-11-08 21:47 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-09 12:01 - 2013-11-08 21:47 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-09 12:01 - 2008-09-10 18:21 - 00000000 ____D C:\Users\TEMP\AppData\Local\Microsoft Help
2013-11-09 10:49 - 2013-11-09 10:49 - 00159352 _____ C:\Windows\Minidump\Mini110913-02.dmp
2013-11-09 09:11 - 2013-11-09 09:11 - 00159352 _____ C:\Windows\Minidump\Mini110913-01.dmp
2013-11-08 22:28 - 2013-11-09 10:59 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-11-08 00:24 - 2013-11-08 00:24 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\Malwarebytes
2013-11-08 00:23 - 2013-11-08 00:24 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-08 00:23 - 2013-11-08 00:23 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-08 00:23 - 2013-11-08 00:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-08 00:23 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-08 00:22 - 2013-11-08 00:22 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ralf\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-07 15:44 - 2013-11-07 15:44 - 00001668 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-07 15:43 - 2013-11-07 15:44 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-07 15:43 - 2013-11-07 15:44 - 00000000 ____D C:\Program Files\iTunes
2013-11-07 15:43 - 2013-11-07 15:43 - 00000000 ____D C:\Program Files\iPod
2013-10-30 21:11 - 2013-10-30 21:11 - 00000716 _____ C:\Users\Ralf\Desktop\InstarVision 1.3.lnk
2013-10-30 21:11 - 2013-10-30 21:11 - 00000000 ____D C:\INSTAR
2013-10-30 21:11 - 2006-01-13 08:23 - 00364032 _____ (CoreCodec) C:\Windows\system32\CoreAVCDecoder.ax
2013-10-30 21:11 - 2004-07-09 09:47 - 00167936 _____ C:\Windows\system32\CoreAACDecoder.ax
2013-10-29 15:41 - 2013-11-07 20:09 - 00002469 _____ C:\Users\Public\Desktop\INSTAR Camera Tool.lnk
2013-10-29 15:41 - 2013-10-29 15:41 - 00000000 ____D C:\Program Files\INSTAR
2013-10-28 08:26 - 2013-10-28 08:26 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-10-27 14:35 - 2013-10-27 14:34 - 01180287 _____ C:\Users\Ralf\Desktop\04 The black Pearl (Dave Darell Radi 1.m4r
2013-10-27 11:33 - 2013-10-27 11:35 - 00000000 ____D C:\Users\Ralf\WEB.DE Online-Speicher
2013-10-27 11:33 - 2013-10-27 11:35 - 00000000 ____D C:\Users\Ralf\AppData\Local\WEB.DE Application {sync-000021}
2013-10-27 11:33 - 2013-10-27 11:33 - 02975728 _____ (1&1 Mail & Media GmbH) C:\Users\Ralf\Downloads\webde_onlinespeicher_setup.exe
2013-10-27 11:33 - 2013-10-27 11:33 - 00001171 _____ C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB.DE Online-Speicher.lnk
2013-10-27 11:33 - 2013-10-27 11:33 - 00001163 _____ C:\Users\Ralf\Desktop\WEB.DE Online-Speicher.lnk
2013-10-26 20:18 - 2013-10-26 20:18 - 00000000 ____D C:\ProgramData\Oracle
2013-10-26 20:17 - 2013-10-26 20:17 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-26 20:17 - 2013-10-26 20:17 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-26 20:17 - 2013-10-26 20:17 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-26 20:17 - 2013-10-26 20:17 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-26 19:23 - 2013-10-26 19:22 - 07154120 _____ (Rene.E Laboratory ) C:\Users\Ralf\Downloads\ReneeUndeleter_2013.exe
2013-10-25 20:32 - 2013-10-29 14:43 - 00000000 ____D C:\Users\Ralf\Documents\Korrespondenz Beermann
2013-10-21 19:39 - 2013-08-21 17:35 - 01842045 _____ C:\Users\Ralf\Desktop\INSTAR_Camera_Tool_2.0.1de.exe
2013-10-21 19:28 - 2013-08-21 17:35 - 01842045 _____ C:\Users\Ralf\INSTAR_Camera_Tool_2.0.1de.exe
2013-10-13 13:42 - 2013-10-13 13:42 - 00052656 _____ C:\Users\Ralf\Downloads\unassoc_1_4.zip
2013-10-12 21:03 - 2013-10-12 21:03 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\WindSolutions
2013-10-12 21:02 - 2013-10-12 21:02 - 00000000 ____D C:\ProgramData\WindSolutions
2013-10-11 15:52 - 2013-10-11 16:05 - 653056624 _____ C:\Users\Ralf\Downloads\Duden_Home.exe
2013-10-11 07:51 - 2013-10-11 20:17 - 00000000 ____D C:\Program Files\CPUCooL
2013-10-11 07:51 - 2013-10-11 07:51 - 04200348 _____ C:\Users\Ralf\Downloads\CPUCOOL9.EXE
2013-10-10 21:22 - 2013-10-09 22:06 - 00212806 _____ C:\Users\Ralf\AppData\Local\T.wav
==================== One Month Modified Files and Folders =======
2013-11-09 12:40 - 2013-11-09 12:40 - 00000000 ____D C:\FRST
2013-11-09 12:38 - 2013-11-09 12:38 - 00000444 _____ C:\Users\Ralf\Desktop\defogger_disable.log
2013-11-09 12:38 - 2013-11-09 12:16 - 00000000 ____D C:\Users\Ralf\Downloads\AAAAAAAAAAAAAAAA
2013-11-09 12:38 - 2012-04-05 23:01 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-09 12:36 - 2013-11-09 12:36 - 00000000 _____ C:\Users\Ralf\defogger_reenable
2013-11-09 12:36 - 2007-11-30 10:17 - 00000000 ____D C:\Users\Ralf
2013-11-09 12:35 - 2013-11-09 12:35 - 01089445 _____ (Farbar) C:\Users\Ralf\Desktop\FRST.exe
2013-11-09 12:35 - 2013-11-09 12:35 - 00377856 _____ C:\Users\Ralf\Desktop\gmer_2.1.19163.exe
2013-11-09 12:35 - 2013-11-09 12:35 - 00050477 _____ C:\Users\Ralf\Desktop\Defogger.exe
2013-11-09 12:31 - 2013-11-09 12:31 - 00000000 ____D C:\Program Files\iMesh Applications
2013-11-09 12:26 - 2013-11-09 12:20 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\searchya
2013-11-09 12:21 - 2013-11-09 12:21 - 00000288 _____ C:\Windows\Tasks\Searchya.job
2013-11-09 12:20 - 2013-11-09 12:21 - 00358440 _____ C:\Users\Ralf\AppData\Local\searchya-speeddial.crx
2013-11-09 12:19 - 2013-11-09 12:19 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\DigitalSite
2013-11-09 12:16 - 2011-09-17 19:36 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\Dropbox
2013-11-09 12:15 - 2010-02-20 14:13 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-09 12:12 - 2011-09-17 19:44 - 00000000 ___RD C:\Users\Ralf\Dropbox
2013-11-09 12:11 - 2013-11-09 12:11 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-11-09 12:11 - 2010-05-08 10:45 - 00107333 _____ C:\ProgramData\nvModes.dat
2013-11-09 12:11 - 2010-05-08 10:45 - 00107333 _____ C:\ProgramData\nvModes.001
2013-11-09 12:08 - 2010-02-20 14:13 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-09 12:07 - 2006-11-02 11:33 - 01587196 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-09 12:04 - 2007-11-30 10:07 - 01879039 _____ C:\Windows\WindowsUpdate.log
2013-11-09 12:01 - 2013-11-09 12:01 - 00000020 ___SH C:\Users\TEMP\ntuser.ini
2013-11-09 12:01 - 2013-11-09 12:01 - 00000000 _SHDL C:\Users\TEMP\Startmenü
2013-11-09 12:01 - 2013-11-09 12:01 - 00000000 _SHDL C:\Users\TEMP\Netzwerkumgebung
2013-11-09 12:01 - 2013-11-09 12:01 - 00000000 _SHDL C:\Users\TEMP\Druckumgebung
2013-11-09 12:01 - 2013-11-09 12:01 - 00000000 _SHDL C:\Users\TEMP\Documents\Eigene Musik
2013-11-09 12:01 - 2013-11-09 12:01 - 00000000 _SHDL C:\Users\TEMP\Documents\Eigene Bilder
2013-11-09 12:01 - 2013-11-09 12:01 - 00000000 _SHDL C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-09 12:01 - 2013-11-09 12:01 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Verlauf
2013-11-09 12:01 - 2012-01-08 02:18 - 00000431 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-11-09 12:00 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-09 12:00 - 2006-11-02 13:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-09 12:00 - 2006-11-02 13:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-09 10:59 - 2013-11-08 22:28 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-11-09 10:49 - 2013-11-09 10:49 - 00159352 _____ C:\Windows\Minidump\Mini110913-02.dmp
2013-11-09 10:49 - 2012-07-20 15:59 - 380885748 _____ C:\Windows\MEMORY.DMP
2013-11-09 10:49 - 2012-07-20 15:59 - 00000000 ____D C:\Windows\Minidump
2013-11-09 10:43 - 2012-03-24 11:36 - 00000000 ____D C:\Users\Ralf\AppData\Local\CrashDumps
2013-11-09 09:11 - 2013-11-09 09:11 - 00159352 _____ C:\Windows\Minidump\Mini110913-01.dmp
2013-11-08 21:49 - 2013-05-10 21:04 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-11-08 21:49 - 2011-12-19 23:27 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-08 21:49 - 2007-12-27 16:56 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-08 21:49 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\system32\restore
2013-11-08 21:49 - 2006-11-02 12:18 - 00000000 __RSD C:\Windows\Media
2013-11-08 21:49 - 2006-11-02 12:18 - 00000000 ___RD C:\Windows\Offline Web Pages
2013-11-08 21:49 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\spool
2013-11-08 21:48 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Help
2013-11-08 21:47 - 2013-11-09 12:01 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-08 21:47 - 2013-11-09 12:01 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-08 21:47 - 2013-08-17 13:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-08 21:47 - 2013-05-10 21:04 - 00000000 ___RD C:\Program Files\Skype
2013-11-08 21:47 - 2013-02-16 21:38 - 00000000 ___RD C:\Users\Ralf\Mediencenter
2013-11-08 21:47 - 2012-06-16 22:37 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-08 21:47 - 2012-06-16 22:37 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-08 21:47 - 2012-06-16 22:37 - 00000000 ____D C:\Users\Gast
2013-11-08 21:47 - 2012-06-16 21:52 - 00000000 ____D C:\Users\Ralf\Documents\StreamTransport
2013-11-08 21:47 - 2012-04-25 21:48 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-08 21:47 - 2012-02-19 23:46 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\vlc
2013-11-08 21:47 - 2011-12-19 23:39 - 00000000 ____D C:\Users\Ralf\Documents\Audible
2013-11-08 21:47 - 2010-11-26 15:10 - 00000000 ____D C:\Program Files\Gigaset QuickSync
2013-11-08 21:47 - 2010-08-13 19:11 - 00000000 ____D C:\Users\Ralf\Downloads\Musik
2013-11-08 21:47 - 2010-06-18 06:50 - 00000000 ____D C:\Users\Ralf\Desktop\USB-Stick Ralfs Daten 20120110
2013-11-08 21:47 - 2010-05-28 22:14 - 00000000 ____D C:\Users\Ralf\Documents\Scans
2013-11-08 21:47 - 2009-05-17 13:13 - 00000000 ____D C:\Users\Ralf\Documents\Silberhochzeit Uli und Susanne
2013-11-08 21:47 - 2009-02-13 19:22 - 00000000 ____D C:\Users\Public\Documents\Symantec
2013-11-08 21:47 - 2008-09-24 19:12 - 00000000 ____D C:\Users\Ralf\Documents\Kopie 1 GB Acer Stick 080924
2013-11-08 21:47 - 2008-06-17 11:54 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\FreeCommander
2013-11-08 21:47 - 2008-06-01 09:55 - 00000000 ____D C:\Users\Ralf\Desktop\Klassentreffen 2008 Grundschule
2013-11-08 21:47 - 2007-12-10 21:41 - 00000000 ____D C:\Users\Ralf\AppData\Local\Microsoft Help
2013-11-08 21:47 - 2007-11-30 10:17 - 00000000 ____D C:\Users\Ralf\AppData\Local\TVEnhance
2013-11-08 21:47 - 2007-10-15 17:26 - 00000000 ___RD C:\Program Files\STAMPIT
2013-11-08 21:47 - 2007-10-15 17:15 - 00000000 ___HD C:\Users\IUSR_NMPR(1042)
2013-11-08 21:47 - 2007-10-10 11:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-08 21:47 - 2007-10-09 16:42 - 00000000 ____D C:\Program Files\Microsoft Works
2013-11-08 21:47 - 2006-11-02 13:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-08 21:47 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2013-11-08 21:47 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-08 21:47 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-08 21:47 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-08 21:47 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-08 21:47 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration
2013-11-08 21:33 - 2008-07-07 18:08 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-11-08 21:33 - 2006-11-02 14:01 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-08 07:56 - 2007-10-10 12:56 - 00239176 _____ C:\Windows\PFRO.log
2013-11-08 00:24 - 2013-11-08 00:24 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\Malwarebytes
2013-11-08 00:24 - 2013-11-08 00:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-08 00:23 - 2013-11-08 00:23 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-08 00:23 - 2013-11-08 00:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-08 00:22 - 2013-11-08 00:22 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ralf\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-07 20:09 - 2013-10-29 15:41 - 00002469 _____ C:\Users\Public\Desktop\INSTAR Camera Tool.lnk
2013-11-07 15:44 - 2013-11-07 15:44 - 00001668 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-07 15:44 - 2013-11-07 15:43 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-07 15:44 - 2013-11-07 15:43 - 00000000 ____D C:\Program Files\iTunes
2013-11-07 15:43 - 2013-11-07 15:43 - 00000000 ____D C:\Program Files\iPod
2013-11-07 15:20 - 2009-01-22 19:47 - 00048128 _____ C:\Users\Ralf\Documents\Einkaufsliste.xls
2013-11-07 00:00 - 2009-02-15 16:38 - 00000368 _____ C:\Windows\Tasks\NeroLiveEpgUpdate-Akoya_Ralf.job
2013-11-06 23:22 - 2013-08-22 16:02 - 00000000 ____D C:\INSTAR_Rec
2013-11-04 23:12 - 2008-05-20 20:48 - 00000594 _____ C:\Windows\Tasks\Norton Internet Security Online - Systemprüfung ausführen - Ralf.job
2013-11-03 20:20 - 2012-03-11 21:00 - 00002547 _____ C:\Users\Ralf\Desktop\Quicken 2012.lnk
2013-11-03 09:47 - 2012-01-22 10:33 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\Nitro PDF
2013-11-02 21:32 - 2010-10-18 19:10 - 00007916 _____ C:\Users\Ralf\AppData\Local\d3d9caps.dat
2013-11-01 08:43 - 2012-12-29 18:04 - 00000180 _____ C:\Windows\setscan.ini
2013-10-30 21:11 - 2013-10-30 21:11 - 00000716 _____ C:\Users\Ralf\Desktop\InstarVision 1.3.lnk
2013-10-30 21:11 - 2013-10-30 21:11 - 00000000 ____D C:\INSTAR
2013-10-29 15:41 - 2013-10-29 15:41 - 00000000 ____D C:\Program Files\INSTAR
2013-10-29 14:43 - 2013-10-25 20:32 - 00000000 ____D C:\Users\Ralf\Documents\Korrespondenz Beermann
2013-10-29 00:08 - 2013-09-26 13:36 - 00000000 ____D C:\ProgramData\BitGuard
2013-10-28 08:26 - 2013-10-28 08:26 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-10-27 14:34 - 2013-10-27 14:35 - 01180287 _____ C:\Users\Ralf\Desktop\04 The black Pearl (Dave Darell Radi 1.m4r
2013-10-27 11:35 - 2013-10-27 11:33 - 00000000 ____D C:\Users\Ralf\WEB.DE Online-Speicher
2013-10-27 11:35 - 2013-10-27 11:33 - 00000000 ____D C:\Users\Ralf\AppData\Local\WEB.DE Application {sync-000021}
2013-10-27 11:33 - 2013-10-27 11:33 - 02975728 _____ (1&1 Mail & Media GmbH) C:\Users\Ralf\Downloads\webde_onlinespeicher_setup.exe
2013-10-27 11:33 - 2013-10-27 11:33 - 00001171 _____ C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB.DE Online-Speicher.lnk
2013-10-27 11:33 - 2013-10-27 11:33 - 00001163 _____ C:\Users\Ralf\Desktop\WEB.DE Online-Speicher.lnk
2013-10-26 20:18 - 2013-10-26 20:18 - 00000000 ____D C:\ProgramData\Oracle
2013-10-26 20:17 - 2013-10-26 20:17 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-26 20:17 - 2013-10-26 20:17 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-26 20:17 - 2013-10-26 20:17 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-26 20:17 - 2013-10-26 20:17 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-26 19:30 - 2012-04-05 20:31 - 00000000 ____D C:\Users\Ralf\Desktop\Samsung Galaxy S II
2013-10-26 19:27 - 2012-04-05 13:17 - 00000000 ____D C:\Program Files\Recuva
2013-10-26 19:22 - 2013-10-26 19:23 - 07154120 _____ (Rene.E Laboratory ) C:\Users\Ralf\Downloads\ReneeUndeleter_2013.exe
2013-10-26 19:14 - 2006-11-02 13:52 - 00188014 _____ C:\Windows\setupact.log
2013-10-23 22:00 - 2009-09-24 18:58 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\Mozilla
2013-10-21 19:34 - 2013-08-21 20:27 - 00000000 ____D C:\Users\Ralf\Downloads\Instar
2013-10-16 17:52 - 2013-08-27 18:56 - 00000000 ____D C:\NPM
2013-10-14 18:29 - 2011-12-24 12:36 - 00000000 ____D C:\Users\Ralf\NSU
2013-10-13 13:45 - 2011-06-15 10:38 - 00001896 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-10-13 13:45 - 2007-10-10 12:06 - 00000000 ____D C:\ProgramData\Adobe
2013-10-13 13:42 - 2013-10-13 13:42 - 00052656 _____ C:\Users\Ralf\Downloads\unassoc_1_4.zip
2013-10-13 11:59 - 2007-12-02 16:52 - 00139776 _____ C:\Users\Ralf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-13 11:44 - 2013-01-09 13:52 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-10-12 21:03 - 2013-10-12 21:03 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\WindSolutions
2013-10-12 21:02 - 2013-10-12 21:02 - 00000000 ____D C:\ProgramData\WindSolutions
2013-10-12 19:02 - 2009-05-25 21:09 - 00229264 ____H C:\Windows\system32\mlfcache.dat
2013-10-11 20:17 - 2013-10-11 07:51 - 00000000 ____D C:\Program Files\CPUCooL
2013-10-11 20:08 - 2006-11-02 13:47 - 00493608 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 16:17 - 2013-06-20 06:40 - 00163592 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-10-11 16:05 - 2013-10-11 15:52 - 653056624 _____ C:\Users\Ralf\Downloads\Duden_Home.exe
2013-10-11 07:51 - 2013-10-11 07:51 - 04200348 _____ C:\Users\Ralf\Downloads\CPUCOOL9.EXE
Files to move or delete:
====================
C:\Users\Ralf\AppData\Roaming\CamLayout.ini
C:\Users\Ralf\AppData\Roaming\CamShapes.ini
C:\ProgramData\NortonProtectionMemo.exe
C:\Users\Ralf\INSTAR_Camera_Tool_2.0.1de.exe
Some content of TEMP:
====================
C:\Users\Ralf\AppData\Local\Temp\5beqfqxh.dll
C:\Users\Ralf\AppData\Local\Temp\84303uninstall.exe
C:\Users\Ralf\AppData\Local\Temp\APNStub.exe
C:\Users\Ralf\AppData\Local\Temp\APWMInstall.exe
C:\Users\Ralf\AppData\Local\Temp\AuConv.dll
C:\Users\Ralf\AppData\Local\Temp\AuConvEx.dll
C:\Users\Ralf\AppData\Local\Temp\Boot.dll
C:\Users\Ralf\AppData\Local\Temp\BootDriver.dll
C:\Users\Ralf\AppData\Local\Temp\Burn.dll
C:\Users\Ralf\AppData\Local\Temp\CmdAgent.dll
C:\Users\Ralf\AppData\Local\Temp\DataMana.dll
C:\Users\Ralf\AppData\Local\Temp\DevCtrl.dll
C:\Users\Ralf\AppData\Local\Temp\DE_de_Avery_AW31.exe
C:\Users\Ralf\AppData\Local\Temp\FatLib.dll
C:\Users\Ralf\AppData\Local\Temp\FileSystemView.dll
C:\Users\Ralf\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Ralf\AppData\Local\Temp\firefoxjre_exe-2.exe
C:\Users\Ralf\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Ralf\AppData\Local\Temp\GetDriverInfo.dll
C:\Users\Ralf\AppData\Local\Temp\grubinst.exe
C:\Users\Ralf\AppData\Local\Temp\installChecker.exe
C:\Users\Ralf\AppData\Local\Temp\ISOExport.exe
C:\Users\Ralf\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Ralf\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Ralf\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Ralf\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Ralf\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Ralf\AppData\Local\Temp\Mediencenter_3.6.0.1202.exe
C:\Users\Ralf\AppData\Local\Temp\Mediencenter_3.7.0.1704.exe
C:\Users\Ralf\AppData\Local\Temp\Mediencenter_3.7.0.2204.exe
C:\Users\Ralf\AppData\Local\Temp\MSVCP60.DLL
C:\Users\Ralf\AppData\Local\Temp\nsj4158.tmp.ConduitEngineEmbbed.exe
C:\Users\Ralf\AppData\Local\Temp\RecLib.dll
C:\Users\Ralf\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Ralf\AppData\Local\Temp\setup.exe
C:\Users\Ralf\AppData\Local\Temp\sp_1000051.exe
C:\Users\Ralf\AppData\Local\Temp\Sqlite3.dll
C:\Users\Ralf\AppData\Local\Temp\syslinux.exe
C:\Users\Ralf\AppData\Local\Temp\UninstallRC-8876480.dll
C:\Users\Ralf\AppData\Local\Temp\UserRes.dll
C:\Users\Ralf\AppData\Local\Temp\UserResEx.dll
C:\Users\Ralf\AppData\Local\Temp\vlc-2.0.8-win32.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-09 12:14
==================== End Of Log ============================
Da ich selbst nicht weiß, was jetzt sinnvollerweise zu tun ist, würde ich mich über Hilfe aus dem Forum sehr freuen. |
| Themen zu Vista Home Premium SP2: Fehlermeldung bei Aufruf von allen exe-Dateien: "xxx.exe - Ungültiges Bild" |
| 4d36e972-e325-11ce-bfc1-08002be10318, adblock, adware.agent, adware.gameplaylabs, adware.installbrain, bingbar, dvdvideosoft ltd., farbar, farbar recovery scan tool, galaxy, install.exe, minidump, newtab, officejet, plug-in, pup.bprotector, pup.funmoods, pup.offerbundler.st, pup.optional.babsolution.a, pup.optional.babylon, pup.optional.babylon.a, pup.optional.babylontoolbar.a, pup.optional.bprotector.a, pup.optional.browserdefender.a, pup.optional.bundleinstaller.a, pup.optional.conduit.a, pup.optional.datamngr.a, pup.optional.delta, pup.optional.delta.a, pup.optional.digitalsite.a, pup.optional.iminent.a, pup.optional.opencandy, pup.optional.pcperformer.a, pup.optional.performersoft.a, pup.optional.startpage.a, pup.wirelessnetworktool, systemadministrator, ungültiges |
Baum-Darstellung