Pests of all kinds and how to fight them: Zero.access.c is on my system, Vista SP1, and, after cleanup, supposedly gone?
23.12.2013, 08:00 | #16 |
/// the machine /// TB-Ausbilder | That won't work with that disc. Do you have a full DVD?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
23.12.2013, 08:21 | #17 |
| Morning,
no, this one came with the computer. But I could get hold of another one. Do you think it is legal to do this with a "foreign" DVD? Thanks and best regards, Jörg
P.S. What I can get is a DVD with SP2. Can I use that on my system?
Last edited by Joetra (23.12.2013 at 08:26) |
23.12.2013, 19:51 | #18 |
/// the machine /// TB-Ausbilder | Try it, but I don't think it will work. What if you install SP2 manually beforehand? |
24.12.2013, 06:37 | #19 |
| Hello Schrauber, I tried the manual installation. Unfortunately, my computer thinks that this does not work without SP1. But SP1 is installed. The attempt to install SP1 manually is aborted with the message that SP1 is already installed. Do you think that my computer is free of infection? Do you have another suggestion? If that is the case, I would keep using it for a little while and then set it up completely from scratch :-( ... in any case, a donation is coming. Many thanks for your help, and have a few stress-free days. Jörg |
24.12.2013, 11:25 | #20 |
/// the machine /// TB-Ausbilder | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
ZeroAccess: C:\Users\Joerg\AppData\Local\Google\Desktop\Install
ZeroAccess: C:\Program Files\Google\Desktop\Install
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Please post a fresh FRST log again.
__________________ Regards, schrauber |
24.12.2013, 15:05 | #21 |
| Good day Schrauber, here is another FRST log. FRST Logfile: Code:
2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2013-12-17 16:14 - 2013-12-17 18:11 - 00000000 ____D C:\Windows\erdnt 2013-12-16 16:10 - 2013-12-24 14:52 - 00000000 ____D C:\FRST 2013-12-16 16:10 - 2013-12-24 14:49 - 01061581 _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe 2013-12-15 19:28 - 2013-12-21 14:57 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\QuickScan 2013-12-15 19:14 - 2013-12-15 19:43 - 3133878462 _____ C:\avenger.txt 2013-12-15 09:58 - 2013-12-15 10:57 - 00001912 _____ C:\Windows\epplauncher.mif 2013-12-15 09:45 - 2013-12-21 21:01 - 00000392 ____H C:\Windows\Tasks\User_Feed_Synchronization-{792C0784-4E0D-417A-B5F3-2D5B5D6A4312}.job 2013-12-12 19:16 - 2013-12-12 19:15 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-12-12 19:16 - 2013-12-12 19:15 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-12-12 19:16 - 2013-12-12 19:15 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-12-12 19:16 - 2013-12-12 19:15 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-12-06 14:54 - 2013-12-22 15:26 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-12-06 14:54 - 2013-12-06 14:55 - 00000000 ____D C:\Program Files\iTunes 2013-12-06 14:54 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iPod 2013-11-26 17:32 - 2013-11-26 17:32 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Malwarebytes 2013-11-26 17:31 - 2013-11-26 17:31 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-26 17:31 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-11-26 17:25 - 2013-10-31 09:35 - 00001136 _____ C:\Users\Joerg\Documents\indexfile.txt 2013-11-26 16:58 - 2013-12-22 15:27 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\IObit 2013-11-26 16:58 - 2013-12-21 17:19 - 00000000 ____D C:\ProgramData\ProductData 2013-11-26 16:58 - 2013-12-17 16:05 - 00000000 ____D C:\ProgramData\IObit 2013-11-26 16:58 - 
2013-12-06 17:24 - 00001166 _____ C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2013-11-26 16:58 - 2013-11-26 16:59 - 00000000 ____D C:\Program Files\IObit 2013-11-26 16:48 - 2013-11-26 16:48 - 00000953 _____ C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-11-26 16:28 - 2013-11-26 16:28 - 32823600 _____ (DVDVideoSoft Ltd. ) C:\Users\Joerg\Downloads\FreeAVIVideoConverter (1).exe 2013-11-24 17:11 - 2013-12-22 15:27 - 00000000 ____D C:\Users\Joerg\Documents\StreamTransport 2013-11-24 15:02 - 2013-11-26 18:24 - 00000000 ____D C:\ProgramData\Updater 2013-11-24 15:01 - 2013-11-24 15:02 - 00000000 ____D C:\Users\Joerg\AppData\Local\Mobogenie 2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\Documents\Mobogenie 2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\AppData\Local\cache 2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 _____ C:\Users\Joerg\daemonprocess.txt 2013-11-24 15:00 - 2013-11-24 15:02 - 00000000 ____D C:\Program Files\Mobogenie 2013-11-24 10:23 - 2013-11-24 10:23 - 28289104 _____ (Any-Video-Converter.com ) C:\Users\Joerg\Downloads\avc-free.exe 2013-11-24 10:21 - 2013-11-24 10:21 - 00000000 ____D C:\Users\Joerg\Documents\Any Video Converter ==================== One Month Modified Files and Folders ======= 2013-12-24 15:00 - 2013-12-24 14:59 - 00030880 _____ C:\Users\Joerg\Desktop\FRST.txt 2013-12-24 14:58 - 2013-12-18 17:51 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-12-24 14:58 - 2006-11-02 13:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-24 14:58 - 2006-11-02 13:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-24 14:57 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-24 14:56 - 2012-06-11 11:42 - 01207562 _____ C:\Windows\WindowsUpdate.log 2013-12-24 14:56 - 
2006-11-02 14:01 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-12-24 14:52 - 2013-12-16 16:10 - 00000000 ____D C:\FRST 2013-12-24 14:50 - 2013-12-24 14:50 - 00000366 _____ C:\Windows\PFRO.log 2013-12-24 14:49 - 2013-12-16 16:10 - 01061581 _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe 2013-12-23 19:35 - 2012-12-29 20:47 - 00000000 ____D C:\Users\Joerg\AppData\Local\CrashDumps 2013-12-23 11:25 - 2008-03-11 18:55 - 00000000 ____D C:\Users\Joerg 2013-12-23 10:21 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-12-23 10:18 - 2006-11-02 11:33 - 01592432 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-23 09:54 - 2012-06-11 11:39 - 02438576 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-23 09:44 - 2013-12-18 17:34 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE 2013-12-23 09:42 - 2012-06-10 09:36 - 00142992 _____ C:\Users\Joerg\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-23 09:23 - 2009-05-31 16:17 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\KeePass 2013-12-23 09:23 - 2008-03-14 17:51 - 00000000 ____D C:\Users\Joerg\Documents\Sonstiges 2013-12-23 08:59 - 2013-12-23 08:59 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\CalculatedFieldsPlugin 2013-12-22 17:24 - 2013-12-22 17:24 - 00000031 _____ C:\fcStart.ini 2013-12-22 17:18 - 2013-02-07 19:30 - 00000000 ____D C:\Program Files\MSXML 4.0 2013-12-22 17:01 - 2009-09-05 19:15 - 00000000 ____D C:\Windows\pss 2013-12-22 15:27 - 2013-11-26 16:58 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\IObit 2013-12-22 15:27 - 2013-11-24 17:11 - 00000000 ____D C:\Users\Joerg\Documents\StreamTransport 2013-12-22 15:27 - 2013-09-25 13:20 - 00000000 ____D C:\Users\Joerg\Documents\FotoMorph Data 2013-12-22 15:27 - 2013-07-27 13:32 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\ContactConversionWizard 2013-12-22 15:27 - 2013-07-06 14:31 - 00000000 ____D C:\Users\Joerg\AppData\Local\Temp8409436aa8c8fe2607f46d888894a0a2 2013-12-22 15:27 - 2013-07-06 14:31 - 00000000 ____D 
C:\Users\Joerg\AppData\Local\Temp57e798956ff6945e831cb73b3f5ebe6d 2013-12-22 15:27 - 2013-04-28 16:02 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\MyPhoneExplorer 2013-12-22 15:27 - 2013-04-01 08:49 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\mp3DirectCut 2013-12-22 15:27 - 2013-03-10 10:28 - 00000000 ___RD C:\Users\Joerg\Desktop\Fotografie 2013-12-22 15:27 - 2012-08-21 18:41 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\PhotoFiltre 7 2013-12-22 15:27 - 2012-06-08 17:55 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\TwonkyServer 2013-12-22 15:27 - 2012-05-21 16:49 - 00000000 ___SD C:\Users\Joerg\Google Drive 2013-12-22 15:27 - 2012-04-17 14:30 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\DVDVideoSoft 2013-12-22 15:27 - 2012-02-27 20:10 - 00000000 ____D C:\Users\Joerg\XnViewPortable 2013-12-22 15:27 - 2012-01-02 20:00 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Chipcardmaster 2013-12-22 15:27 - 2011-12-25 11:53 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\SmartLine 2013-12-22 15:27 - 2011-12-05 19:51 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\MediaMonkey 2013-12-22 15:27 - 2011-12-03 11:34 - 00000000 ___RD C:\Users\Joerg\Documents\Dropbox 2013-12-22 15:27 - 2011-05-03 18:56 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\gtk-2.0 2013-12-22 15:27 - 2011-05-03 15:20 - 00000000 ____D C:\Users\Joerg\Gpredict 2013-12-22 15:27 - 2011-02-05 21:11 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\PhotoScape 2013-12-22 15:27 - 2010-10-28 09:42 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\DynaGeo 2013-12-22 15:27 - 2010-10-28 09:32 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Notepad++ 2013-12-22 15:27 - 2010-09-19 11:16 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Ahnenblatt 2013-12-22 15:27 - 2010-06-21 17:23 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\GeoSetter 2013-12-22 15:27 - 2010-05-29 20:55 - 00000000 ___RD C:\Users\Joerg\Desktop\Sport 2013-12-22 15:27 - 2009-09-23 19:02 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\EQMOD 
2013-12-22 15:27 - 2009-09-04 18:01 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Nvu 2013-12-22 15:27 - 2009-08-12 19:33 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\dvdcss 2013-12-22 15:27 - 2009-08-03 08:56 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\vlc 2013-12-22 15:27 - 2009-02-19 14:20 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\skychart 2013-12-22 15:27 - 2008-06-13 18:42 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2013-12-22 15:27 - 2008-05-01 10:21 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Skype 2013-12-22 15:27 - 2008-04-20 09:29 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Thunderbird 2013-12-22 15:27 - 2008-04-17 18:39 - 00000000 ____D C:\Users\Joerg\Documents\TrackMania 2013-12-22 15:27 - 2008-03-22 14:22 - 00000000 ___RD C:\Users\Joerg\Desktop\Games 2013-12-22 15:27 - 2008-03-14 18:54 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Synchronizer 2013-12-22 15:27 - 2008-03-14 18:38 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Stellarium 2013-12-22 15:27 - 2008-03-14 17:45 - 00000000 ___SD C:\Users\Joerg\Documents\Meine Shapes 2013-12-22 15:27 - 2008-03-14 17:45 - 00000000 ____D C:\Users\Joerg\Documents\Navigation 2013-12-22 15:27 - 2008-03-14 17:41 - 00000000 ____D C:\Users\Joerg\Documents\MediaShows 2013-12-22 15:27 - 2008-03-14 17:40 - 00000000 ____D C:\Users\Joerg\Documents\Cartes du Ciel 2013-12-22 15:27 - 2008-03-14 17:40 - 00000000 ____D C:\Users\Joerg\Documents\Astronomie 2013-12-22 15:27 - 2008-03-11 19:23 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Online 2013-12-22 15:27 - 2008-03-11 19:22 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Util 2013-12-22 15:27 - 2008-03-11 19:21 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anwendung 2013-12-22 15:27 - 2008-03-11 19:17 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Adobe 2013-12-22 15:27 - 2008-03-11 
18:56 - 00000000 ____D C:\Users\Joerg\AppData\Local\TVEnhance 2013-12-22 15:27 - 2008-03-11 18:55 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-12-22 15:27 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Defender 2013-12-22 15:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\spool 2013-12-22 15:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\Msdtc 2013-12-22 15:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system 2013-12-22 15:26 - 2013-12-06 14:54 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-12-22 15:26 - 2013-07-06 14:31 - 00000000 ____D C:\Users\Joerg\AppData\Local\Temp4195a7306b30f4fd47dce8db05cd6580 2013-12-22 15:26 - 2012-04-17 14:31 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2013-12-22 15:26 - 2010-10-29 21:53 - 00000000 ____D C:\ProgramData\FLEXnet 2013-12-22 15:26 - 2010-10-29 20:10 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-12-22 15:26 - 2010-02-13 10:44 - 00000000 ____D C:\Users\Joerg\.jskat 2013-12-22 15:26 - 2009-08-30 09:41 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine 2013-12-22 15:26 - 2009-02-19 14:25 - 00000000 ____D C:\Users\Joerg\AppData\Local\Skychart 2013-12-22 15:26 - 2008-04-26 09:14 - 00000000 ____D C:\Users\Joerg\AppData\Local\MediaMonkey 2013-12-22 15:26 - 2007-10-10 12:05 - 00000000 ____D C:\Program Files\Adobe 2013-12-22 15:25 - 2013-12-17 17:49 - 00000000 ____D C:\ComboFix 2013-12-22 15:24 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration 2013-12-22 10:43 - 2006-11-02 11:22 - 83099648 _____ C:\Windows\system32\config\software_previous 2013-12-22 10:43 - 2006-11-02 11:22 - 53739520 _____ C:\Windows\system32\config\system_previous 2013-12-22 10:43 - 2006-11-02 11:22 - 36438016 _____ C:\Windows\system32\config\components_previous 2013-12-22 10:43 - 2006-11-02 11:22 - 00319488 _____ C:\Windows\system32\config\default_previous 2013-12-22 10:43 - 2006-11-02 
11:22 - 00204800 _____ C:\Windows\system32\config\sam_previous 2013-12-22 10:43 - 2006-11-02 11:22 - 00028672 _____ C:\Windows\system32\config\security_previous 2013-12-22 10:24 - 2012-09-03 15:56 - 00000000 ____D C:\Users\DEG 2013-12-22 10:24 - 2010-11-10 16:29 - 00000000 ____D C:\Users\Catherine-Sophie 2013-12-22 10:24 - 2008-04-20 10:13 - 00000000 ____D C:\Users\Dominik 2013-12-22 10:24 - 2008-03-13 19:00 - 00000000 ____D C:\Users\Gast 2013-12-21 21:01 - 2013-12-15 09:45 - 00000392 ____H C:\Windows\Tasks\User_Feed_Synchronization-{792C0784-4E0D-417A-B5F3-2D5B5D6A4312}.job 2013-12-21 20:16 - 2006-11-02 11:22 - 83361792 _____ C:\Windows\system32\config\software.old 2013-12-21 20:16 - 2006-11-02 11:22 - 53739520 _____ C:\Windows\system32\config\system.old 2013-12-21 20:16 - 2006-11-02 11:22 - 36438016 _____ C:\Windows\system32\config\components.old 2013-12-21 20:16 - 2006-11-02 11:22 - 00524288 _____ C:\Windows\system32\config\default.old 2013-12-21 20:16 - 2006-11-02 11:22 - 00204800 _____ C:\Windows\system32\config\sam.old 2013-12-21 20:16 - 2006-11-02 11:22 - 00028672 _____ C:\Windows\system32\config\security.old 2013-12-21 20:13 - 2013-12-21 20:13 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Macromedia 2013-12-21 17:20 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE 2013-12-21 17:19 - 2013-11-26 16:58 - 00000000 ____D C:\ProgramData\ProductData 2013-12-21 16:45 - 2013-10-09 09:49 - 00000000 ____D C:\Users\Carmen\AppData\Roaming\JFritz 2013-12-21 16:40 - 2008-03-21 20:28 - 00142992 _____ C:\Users\Carmen\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-21 15:17 - 2010-05-22 16:49 - 00000000 ____D C:\Users\Joerg\AppData\Local\FixItCenter 2013-12-21 15:03 - 2013-12-21 15:03 - 00000000 ____D C:\Program Files\Windows Resource Kits 2013-12-21 14:57 - 2013-12-15 19:28 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\QuickScan 2013-12-21 12:32 - 2013-12-21 09:30 - 00000000 ____D C:\Windows\system32\Drivers\NIS 2013-12-21 10:08 - 2012-01-02 20:00 - 00000000 
____D C:\Program Files\Chipcardmaster 2013-12-21 09:45 - 2013-03-27 17:03 - 00000000 ____D C:\Program Files\AusweisApp 2013-12-21 09:41 - 2012-02-21 16:36 - 00000000 ____D C:\Users\Joerg\.ausweisapp 2013-12-21 09:36 - 2013-12-21 09:31 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2013-12-21 09:31 - 2013-12-21 09:31 - 00142936 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS 2013-12-21 09:31 - 2013-12-21 09:31 - 00008194 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT 2013-12-21 09:30 - 2013-12-21 09:30 - 00000000 ____D C:\Program Files\Norton Internet Security CBE 2013-12-21 09:30 - 2012-11-25 09:38 - 00000000 ____D C:\ProgramData\Norton 2013-12-20 18:43 - 2007-10-10 12:06 - 00000000 ____D C:\ProgramData\Adobe 2013-12-19 20:27 - 2013-12-19 20:27 - 00000000 ____D C:\ProgramData\WindowsSearch 2013-12-19 13:49 - 2013-12-19 13:53 - 00891200 _____ C:\Users\Joerg\Desktop\SecurityCheck.exe 2013-12-19 13:48 - 2013-12-19 13:53 - 02347384 _____ (ESET) C:\Users\Joerg\Desktop\esetsmartinstaller_enu.exe 2013-12-18 18:11 - 2013-12-18 15:45 - 00000000 ____D C:\AdwCleaner 2013-12-18 17:51 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public 2013-12-18 17:45 - 2006-11-02 11:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_676 2013-12-18 17:34 - 2013-12-18 17:34 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat 2013-12-18 17:32 - 2013-12-18 17:32 - 00000000 ____D C:\RegBackup 2013-12-18 16:00 - 2013-12-18 16:00 - 00000000 ____D C:\Windows\ERUNT 2013-12-18 15:26 - 2013-12-18 15:26 - 00000618 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-18 15:24 - 2013-12-18 15:25 - 01226750 _____ C:\Users\Joerg\Desktop\adwcleaner.exe 2013-12-18 15:24 - 2013-12-18 15:25 - 01034531 _____ (Thisisu) C:\Users\Joerg\Desktop\JRT.exe 2013-12-17 18:14 - 2013-12-17 18:14 - 00027224 _____ C:\ComboFix.txt 2013-12-17 18:13 - 2013-12-17 17:34 - 00000000 ____D C:\Qoobox 2013-12-17 
18:11 - 2013-12-17 16:14 - 00000000 ____D C:\Windows\erdnt 2013-12-17 18:07 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini 2013-12-17 18:07 - 2006-11-02 11:23 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts_bak_663 2013-12-17 16:05 - 2013-11-26 16:58 - 00000000 ____D C:\ProgramData\IObit 2013-12-17 16:04 - 2013-12-17 17:30 - 05155004 ____R (Swearware) C:\Users\Joerg\Desktop\ComboFix.exe 2013-12-15 19:43 - 2013-12-15 19:14 - 3133878462 _____ C:\avenger.txt 2013-12-15 19:14 - 2011-01-26 19:37 - 00000000 ____D C:\Windows\Sun 2013-12-15 18:05 - 2012-09-20 13:27 - 00000000 ____D C:\Program Files\TuneUp Utilities 2013 2013-12-15 17:22 - 2012-06-17 18:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-12-15 17:22 - 2011-06-23 09:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-12-15 17:22 - 2008-04-05 17:05 - 00000000 ____D C:\Program Files\Google 2013-12-15 16:32 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\LogFiles 2013-12-15 10:57 - 2013-12-15 09:58 - 00001912 _____ C:\Windows\epplauncher.mif 2013-12-15 09:32 - 2010-05-28 19:30 - 01056768 _____ C:\Windows\system32\defltbase.sdb 2013-12-13 20:20 - 2009-09-06 21:26 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Media Player Classic 2013-12-13 19:22 - 2008-04-23 18:40 - 00050688 _____ C:\Users\Joerg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-12-12 19:32 - 2008-03-12 20:38 - 00000000 ____D C:\Users\Joerg\AppData\Local\Adobe 2013-12-12 19:17 - 2013-10-04 19:25 - 00000000 ____D C:\ProgramData\Oracle 2013-12-12 19:15 - 2013-12-12 19:16 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-12-12 19:15 - 2013-12-12 19:16 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-12-12 19:15 - 2013-12-12 19:16 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-12-12 19:15 - 2013-12-12 19:16 - 00094632 _____ (Oracle Corporation) 
C:\Windows\system32\WindowsAccessBridge.dll 2013-12-12 18:01 - 2012-07-10 08:41 - 00000000 ____D C:\Program Files\StarMoney 8.0 S-Edition 2013-12-12 17:49 - 2012-10-10 17:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-12-11 17:47 - 2007-10-10 11:37 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-11 17:44 - 2013-07-23 19:59 - 00000000 ____D C:\Windows\system32\MRT 2013-12-11 17:40 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-12-08 15:24 - 2012-11-18 18:24 - 00000000 ____D C:\Users\Joerg\AppData\Local\Rohos 2013-12-08 10:07 - 2008-03-12 18:52 - 00000000 ____D C:\Program Files\Astronomie 2013-12-08 09:56 - 2008-05-01 10:20 - 00000000 ____D C:\ProgramData\Skype 2013-12-07 09:40 - 2006-11-02 11:22 - 83361792 _____ C:\Windows\system32\config\SOFTWARE_tureg_old 2013-12-07 09:40 - 2006-11-02 11:22 - 53215232 _____ C:\Windows\system32\config\SYSTEM_tureg_old 2013-12-07 09:40 - 2006-11-02 11:22 - 36069376 _____ C:\Windows\system32\config\COMPONENTS_tureg_old 2013-12-07 09:40 - 2006-11-02 11:22 - 00524288 _____ C:\Windows\system32\config\DEFAULT_tureg_old 2013-12-07 09:40 - 2006-11-02 11:22 - 00028672 _____ C:\Windows\system32\config\SECURITY_tureg_old 2013-12-06 18:13 - 2006-11-02 11:22 - 00204800 _____ C:\Windows\system32\config\SAM_tureg_old 2013-12-06 17:24 - 2013-11-26 16:58 - 00001166 _____ C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2013-12-06 14:55 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iTunes 2013-12-06 14:54 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iPod 2013-12-06 14:54 - 2011-03-15 19:14 - 00000000 ____D C:\ProgramData\Apple Computer 2013-12-06 14:54 - 2011-03-15 19:09 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-12-05 19:23 - 2011-08-23 17:37 - 00002629 _____ C:\Users\Joerg\BT747SettingsJ2SE.pdb 2013-12-05 17:31 - 2011-08-22 12:27 - 00000000 ____D C:\Users\Joerg\Documents\ezTour_Workspace 2013-12-05 17:00 - 
2007-10-09 15:23 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-12-04 18:23 - 2011-10-03 14:52 - 00000000 ____D C:\Users\Joerg\AppData\Local\Eye-Fi 2013-12-04 18:10 - 2011-10-03 14:52 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Eye-Fi 2013-11-27 15:54 - 2008-04-20 15:17 - 00000000 ____D C:\Users\Carmen\Documents\Eigene Dokumente 2013-11-26 18:24 - 2013-11-24 15:02 - 00000000 ____D C:\ProgramData\Updater 2013-11-26 17:32 - 2013-11-26 17:32 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Malwarebytes 2013-11-26 17:31 - 2013-11-26 17:31 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-26 17:16 - 2011-04-25 08:44 - 00002078 _____ C:\Windows\system32\OSSService.log 2013-11-26 17:08 - 2008-03-11 19:33 - 00000000 ____D C:\Program Files\Online 2013-11-26 16:59 - 2013-11-26 16:58 - 00000000 ____D C:\Program Files\IObit 2013-11-26 16:48 - 2013-11-26 16:48 - 00000953 _____ C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-11-26 16:48 - 2013-11-12 16:57 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Opera Software 2013-11-26 16:48 - 2013-11-12 16:57 - 00000000 ____D C:\Users\Joerg\AppData\Local\Opera Software 2013-11-26 16:41 - 2010-05-19 17:19 - 00000000 ____D C:\Program Files\Garmin 2013-11-26 16:28 - 2013-11-26 16:28 - 32823600 _____ (DVDVideoSoft Ltd. 
) C:\Users\Joerg\Downloads\FreeAVIVideoConverter (1).exe
2013-11-24 15:02 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\AppData\Local\Mobogenie
2013-11-24 15:02 - 2013-11-24 15:00 - 00000000 ____D C:\Program Files\Mobogenie
2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\Documents\Mobogenie
2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\AppData\Local\cache
2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 _____ C:\Users\Joerg\daemonprocess.txt
2013-11-24 10:23 - 2013-11-24 10:23 - 28289104 _____ (Any-Video-Converter.com ) C:\Users\Joerg\Downloads\avc-free.exe
2013-11-24 10:21 - 2013-11-24 10:21 - 00000000 ____D C:\Users\Joerg\Documents\Any Video Converter
ZeroAccess: C:\Program Files\Google\Desktop\Install
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-24 14:56
==================== End Of Log ============================
The Fixlog looks as follows: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-12-2013
Ran by Joerg at 2013-12-24 14:49:23 Run:1
Running from C:\Users\Joerg\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ZeroAccess: C:\Users\Joerg\AppData\Local\Google\Desktop\Install
ZeroAccess: C:\Program Files\Google\Desktop\Install
*****************
"C:\Users\Joerg\AppData\Local\Google\Desktop\Install" directory move:
Could not move "C:\Users\Joerg\AppData\Local\Google\Desktop\Install" directory. => Scheduled to move on reboot.
"C:\Program Files\Google\Desktop\Install" directory move:
Could not move "C:\Program Files\Google\Desktop\Install" directory. => Scheduled to move on reboot.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-12-24 14:52:01)<=
C:\Users\Joerg\AppData\Local\Google\Desktop\Install => Is moved successfully.
"C:\Program Files\Google\Desktop\Install" => Directory could not move.
==== End of Fixlog ====
Can you make sense of this? Many thanks, and wishing you a few restful days, Jörg |
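Added example, not part of the thread and not FRST's own code: a small Python check that reads the Fixlog from the post above, pairs each fixlist entry with its result after the reboot, and cross-checks it against the `ZeroAccess:` line of the follow-up scan. The function names are hypothetical and the line breaks in the embedded log text are restored for the example.

```python
import re

# Fixlog text from the post above; only the line breaks are restored here.
FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-12-2013
Ran by Joerg at 2013-12-24 14:49:23 Run:1
Running from C:\Users\Joerg\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ZeroAccess: C:\Users\Joerg\AppData\Local\Google\Desktop\Install
ZeroAccess: C:\Program Files\Google\Desktop\Install
*****************
"C:\Users\Joerg\AppData\Local\Google\Desktop\Install" directory move:
Could not move "C:\Users\Joerg\AppData\Local\Google\Desktop\Install" directory. => Scheduled to move on reboot.
"C:\Program Files\Google\Desktop\Install" directory move:
Could not move "C:\Program Files\Google\Desktop\Install" directory. => Scheduled to move on reboot.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-12-24 14:52:01)<=
C:\Users\Joerg\AppData\Local\Google\Desktop\Install => Is moved successfully.
"C:\Program Files\Google\Desktop\Install" => Directory could not move.
==== End of Fixlog ====
'''

# The ZeroAccess line of the FRST scan that was taken after the fix (same post).
RESCAN = r'''ZeroAccess: C:\Program Files\Google\Desktop\Install
'''


def fixlist_entries(log):
    """Return (directive, path) pairs listed between the two '*****' lines."""
    m = re.search(r"Content of fixlist:\s*\*+\s*(.*?)\s*\*+", log, re.S)
    entries = []
    if m:
        for line in m.group(1).splitlines():
            directive, sep, path = line.strip().partition(":")
            if sep and path.strip():
                entries.append((directive.strip(), path.strip()))
    return entries


def reboot_results(log):
    """Map lower-cased path -> outcome from the post-reboot result section."""
    _, _, tail = log.partition("Result of Scheduled Files to move")
    results = {}
    for line in tail.splitlines():
        if " => " not in line:
            continue  # section header, blank lines, end marker
        path, outcome = line.split(" => ", 1)
        results[path.strip().strip('"').lower()] = outcome.strip()
    return results


def rescan_hits(scan):
    """Paths that a later FRST scan still reports on 'ZeroAccess:' lines."""
    return [p.strip() for p in re.findall(r"^ZeroAccess:\s*(.+)$", scan, re.M)]


def unresolved(log, rescan=""):
    """Fixlist paths that were not moved, or that the rescan still lists."""
    results = reboot_results(log)
    # Windows paths are case-insensitive, so compare them lower-cased.
    still_flagged = {p.lower() for p in rescan_hits(rescan)}
    pending = []
    for _directive, path in fixlist_entries(log):
        outcome = results.get(path.lower(), "no result recorded")
        moved = "moved successfully" in outcome.lower()
        if not moved or path.lower() in still_flagged:
            pending.append((path, outcome))
    return pending


if __name__ == "__main__":
    for path, outcome in unresolved(FIXLOG, RESCAN):
        print(f"still present: {path} ({outcome})")
```

An empty result from `unresolved` means every fixlist entry was moved and no longer shows up in the follow-up scan.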
25.12.2013, 14:33 | #22 |
/// the machine /// TB Trainer | Zero.access.c is on my system, Vista SP1, and, after cleanup, supposedly gone? Please show me a screenshot of that. The FRST log was created after the fix?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
26.12.2013, 09:51 | #23 |
| Zero.access.c is on my system, Vista SP1, and, after cleanup, supposedly gone? Hello Schrauber, as for creating the text files, I followed exactly the order you specified, i.e. first the Fixlog, and nine minutes later the FRST was done. I am attaching the screenshots of the desktop as a PDF: Thanks. Jörg Last edited by Joetra (26.12.2013 at 09:57) |
27.12.2013, 10:22 | #24 |
/// the machine /// TB Trainer | Zero.access.c is on my system, Vista SP1, and, after cleanup, supposedly gone? Please delete AdwCleaner and download it again. Let it search and delete, then a fresh FRST log please. Simply deleting the folder doesn't work?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
27.12.2013, 11:11 | #25 |
| Zero.access.c is on my system, Vista SP1, and, after cleanup, supposedly gone? Hello Schrauber, no, the folder cannot be deleted under Windows. I tried it with a Linux live CD (Knoppix). There the folder could be deleted without any problem. And here is another FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-12-2013 Ran by Joerg (administrator) on DESKTOP on 27-12-2013 11:04:15 Running from C:\Users\Joerg\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 7 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe (REINER SCT) C:\Windows\System32\cjpcsc.exe (devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation) C:\Windows\ehome\ehsched.exe (IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (X10) C:\Program Files\Common Files\X10\Common\X10nets.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor) HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.) HKLM\...\Run: [NUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation) HKLM\...\Run: [RUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - KHALMNPR.EXE HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. 
KG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [ShowDriveLettersFirst] 4
HKCU\...\Run: [SyncService] - C:\Program Files\SYNCING.NET\bin\SyncService.exe [1730144 2013-08-20] (ASBYTE)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1
HKCU\...\Policies\Explorer: [CDRAutoRun] 0
HKU\Carmen\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Carmen\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH)
HKU\Carmen\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe
HKU\Carmen\...\Policies\system: [LogonHoursAction] 2
HKU\Carmen\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Catherine-Sophie\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Catherine-Sophie\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent
HKU\Catherine-Sophie\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe
HKU\Catherine-Sophie\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.)
HKU\Catherine-Sophie\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe
HKU\Catherine-Sophie\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Catherine-Sophie\...\Policies\system: [LogonHoursAction] 2
HKU\Catherine-Sophie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\DEG\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent
HKU\DEG\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe
HKU\DEG\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\DEG\...\Policies\system: [LogonHoursAction] 2
HKU\DEG\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Dominik\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Dominik\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH)
HKU\Dominik\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\Dominik\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.)
HKU\Dominik\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe
HKU\Dominik\...\RunOnce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_de;_rv:1.9.1.2)_Gecko/20090729_Firefox/3.5.2_(.NET_CLR_3.5.30729)" -"hxxp://www.nordsee-club24.de/blog/urlaub/kinder-und-jugendreisen/campus-nordsee-gaestehaus.html"
HKU\Dominik\...\Policies\system: [LogonHoursAction] 2
HKU\Dominik\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Gast\...\Run: [BullGuard] - "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
HKU\Gast\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Gast\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH)
HKU\Gast\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe
HKU\Gast\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.)
HKU\Gast\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe
HKU\Gast\...\RunOnce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_de;_rv:1.9.1.2)_Gecko/20090729_Firefox/3.5.2_(.NET_CLR_3.5.30729)" -"hxxp://www.nordsee-club24.de/blog/urlaub/kinder-und-jugendreisen/campus-nordsee-gaestehaus.html"
HKU\Gast\...\Policies\system: [LogonHoursAction] 2
HKU\Gast\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\UpdatusUser\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent
HKU\UpdatusUser\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe
HKU\UpdatusUser\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.)
HKU\UpdatusUser\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe
HKU\UpdatusUser\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\UpdatusUser\...\Policies\system: [LogonHoursAction] 2
HKU\UpdatusUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - No File
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: AusweisApp 1.8.0.0 - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAAD8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - No File
Toolbar: HKCU - No Name - {968631B6-4729-440D-9BF4-251F5593EC9A} - No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC--ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
ShellExecuteHooks: CExecuteHook Object - {7B0E5486-E11D-437f-AC8B-7901C7D3FCCB} - C:\Program Files\SYNCING.NET\bin\ShellUI.dll [1198176 2013-08-20] (ASBYTE)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\..\Interfaces\{5D24B219-8B75-42F7-B0E3-E3BA710ACB43}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887
FF Homepage: hxxp://www.ighome.com/?t=336956
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - I:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @photodex.com/PhotodexPresenter - C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF Plugin: @reiner-sct.com/OWOK,version=2.0.0.4 - C:\Program Files\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll (REINER Kartengeräte GmbH und Co. KG.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\Multimedia\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Joerg\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Joerg\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF Extension: Разпознаване на устройство Logitech - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\DeviceDetection@logitech.com
FF Extension: FRITZ!Box AddOn - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\fb_add_on@avm.de
FF Extension: Foxdie - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\Foxdie@tanjihay.com
FF Extension: Foxdie (Graphite) - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\FoxdieGraphite@tanjihay.com
FF Extension: Geolocater - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\geolocater@3liz.com
FF Extension: KeeFox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\keefox@chris.tomlinson
FF Extension: Youtube MP3 Podcaster - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com
FF Extension: Forecastfox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF Extension: Garmin Communicator - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: Universal Print - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{BE2100B3-1D80-48eb-ACCF-D26750644378}
FF Extension: Bitdefender QuickScan - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: NASA Night Launch - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\nasanightlaunch@example.com.xpi
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\YoutubeDownloader@PeterOlayev.com.xpi
FF Extension: TweakTube - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed}.xpi
FF Extension: Integrated Inbox for Gmail & Google Apps - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
FF Extension: X-notifier - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
FF Extension: AddonFox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}.xpi
FF Extension: Adblock Plus - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: DownThemAll! - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{4F3D26C8-9907-48ff-BC74-B8C572D317BF}] - C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win
FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win
FF HKLM\...\Firefox\Extensions: [{4F0963A3-1658-4fde-9585-23A25CC288BF}] - C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win
FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win
FF HKCU\...\Firefox\Extensions: [{a3490cb9-8f1a-4bc5-b1a7-6c2bc4b83424}] - C:\Program Files\Show-Password\136.xpi
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Online\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR DefaultSearchURL: hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR DefaultNewTabURL:
CHR Plugin: (Photodex Presenter Plugin) - C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
CHR Extension: (Amazon-Icon) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_1
CHR Extension: (Google Wallet) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR HKLM\...\Chrome\Extension: [logekkkdbdidmmcgkonmmonclldogceg] - C:\Program Files\Show-Password\136.crx
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Joerg\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Joerg\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2007-08-31] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
S4 BotkindSyncService; I:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2013-12-12] ()
R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
S4 CVPND; N:\Program Files\DEG\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3526136 2013-08-27] (devolo AG)
S4 gupdate1c98625899d211c; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-03] (Google Inc.)
S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2009-07-20] (Logitech, Inc.)
R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-11-26] (IObit)
R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251184 2008-07-11] (BUFFALO INC.)
S4 Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S4 PMBDeviceInfoProvider; N:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation)
S4 RemoteAccess; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 Rohos Disk; C:\Program Files\Rohos\agent.exe [813400 2012-08-24] (Tesline-Service SRL)
S4 SN_Service; C:\Program Files\SYNCING.NET\bin\SN_Service.exe [32768 2013-05-03] (ASBYTE)
S4 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S4 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1729336 2013-10-11] (TuneUp Software)
S3 TwonkyProxy; C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe [545608 2012-05-03] ()
S3 TwonkyServer; C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe [541512 2012-05-03] (PacketVideo)
S3 TwonkyWebDav; C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe [271176 2012-05-03] ()
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [1006816 2009-09-24] (NXP Semiconductors Germany GmbH)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-02-26] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)
S3 camvid20; C:\Windows\System32\DRIVERS\camdrv21.sys [253909 2004-05-19] (Philips Components BU Imaging Solutions)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. )
S3 FNETTHJM; C:\Windows\System32\drivers\fnetthjm.sys [23936 2010-09-07] (FNet Co., Ltd.)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2007-10-15] (Intel Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-11-24] ()
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [50560 2008-05-27] (Generic USB smartcard reader)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [554496 2007-09-21] (Ralink Technology Corp.)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2013-08-27] (CACE Technologies)
R1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [77184 2004-03-09] (Protection Technology)
R0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [65504 2004-03-09] (Protection Technology)
R0 prosync1; C:\Windows\System32\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-07-01] ()
R2 RHDISK; C:\Program Files\Rohos\RHDISK.SYS [40960 2012-08-23] (Tesline-Service SRL)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [80896 2012-05-10] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [172032 2012-05-10] (Renesas Electronics Corporation)
R0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology)
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [83320 2007-02-08] (Protection Technology (StarForce))
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2011-01-27] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58496 2011-01-27] (Silicon Laboratories)
S3 SIUSBXP; C:\Windows\System32\drivers\SiUSBXp.sys [14848 2009-03-09] (Silicon Laboratories)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-09-28] ()
S3 StMp3Rec; C:\Windows\System32\Drivers\StMp3Rec.sys [19840 2007-06-15] (Generic)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [27936 2008-07-15] (RapidSolution Software AG)
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368736 2008-03-29] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44416 2008-03-29] (Acronis)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-08-28] (TuneUp Software)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2010-07-07] (Texas Instruments)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S2 adfs; No ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 GigasetGenericUSB; system32\DRIVERS\GigasetGenericUSB.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [x]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [x]
S3 TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-27 11:: _____ C:\Users\Joerg\Desktop\FRST.txt
2013-12-27 10:58 - 2013-12-27 10:58 - 00003706 _____ C:\Users\Joerg\Desktop\AdwCleaner[S1].txt
2013-12-27 10:52 - 2013-12-27 10:44 - 01233962 _____ C:\Users\Joerg\Desktop\adwcleaner.exe
2013-12-26 09:19 - 2013-12-26 09:19 - 00000000 ____D C:\Users\Joerg\Desktop\Teleskopsteuerung
2013-12-26 09:19 - 2013-12-26 09:19 - 00000000 ____D C:\Users\Joerg\Desktop\Astronomie
2013-12-24 16:41 - 2013-12-24 18:16 - 00002480 _____ C:\Windows\logboot_24.12.2013.tureg.log
2013-12-24 16:15 - 2013-12-24 16:15 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Avira
2013-12-24 16:13 - 2013-12-24 16:13 - 00000000 ____D C:\ProgramData\Avira
2013-12-24 16:13 - 2013-12-24 16:13 - 00000000 ____D C:\Program Files\Avira
2013-12-24 16:13 - 2013-12-09 11:37 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-24 16:13 - 2013-12-09 11:37 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-24 16:13 - 2013-12-09 11:37 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-12-24 16:13 - 2013-12-09 11:37 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-12-23 08:59 - 2013-12-23 08:59 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\CalculatedFieldsPlugin
2013-12-22 17:24 - 2013-12-22 17:24 - 00000031 _____ C:\fcStart.ini
2013-12-21 20:13 - 2013-12-21 20:13 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Macromedia
2013-12-21 15:: ____D C:\Program Files\Windows Resource Kits
2013-12-21 09:30 - 2013-12-24 16: ____D C:\Program Files\Norton Internet Security CBE
2013-12-20 18:16 - 2009-08-19 22:50 - 00022872 _____ (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll
2013-12-19 20:27 - 2013-12-19 20:27 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-12-19 13:53 - 2013-12-19 13:49 - 00891200 _____ C:\Users\Joerg\Desktop\SecurityCheck.exe
2013-12-19 13:53 - 2013-12-19 13:48 - 02347384 _____ (ESET) C:\Users\Joerg\Desktop\esetsmartinstaller_enu.exe
2013-12-18 17:51 - 2013-12-27 11: ___RD C:\Users\Public\Recorded TV
2013-12-18 17:34 - 2013-12-23 09:44 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-12-18 17:34 - 2013-12-18 17:34 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-12-18 17:32 - 2013-12-18 17:32 - 00000000 ____D C:\RegBackup
2013-12-18 16:: ____D C:\Windows\ERUNT
2013-12-18 15:45 - 2013-12-27 11: ____D C:\AdwCleaner
2013-12-18 15:26 - 2013-12-18 15:26 - 00000618 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-18 15:25 - 2013-12-18 15:24 - 01034531 _____ (Thisisu) C:\Users\Joerg\Desktop\JRT.exe
2013-12-17 18:14 - 2013-12-17 18:14 - 00027224 _____ C:\ComboFix.txt
2013-12-17 17:49 - 2013-12-22 15:25 - 00000000 ____D C:\ComboFix
2013-12-17 17:34 - 2013-12-17 18:13 - 00000000 ____D C:\Qoobox
2013-12-17 17:30 - 2013-12-17 16: ____R (Swearware) C:\Users\Joerg\Desktop\ComboFix.exe
2013-12-17 16:17 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-17 16:17 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-17 16:17 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-17 16:17 - 2000-08-31 01: _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-17 16:17 - 2000-08-31 01: _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-17 16:17 - 2000-08-31 01: _____ C:\Windows\sed.exe
2013-12-17 16:17 - 2000-08-31 01: _____ C:\Windows\grep.exe
2013-12-17 16:17 - 2000-08-31 01: _____ C:\Windows\zip.exe
2013-12-17 16:14 - 2013-12-17 18:11 - 00000000 ____D C:\Windows\erdnt
2013-12-16 16:10 - 2013-12-27 11: _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe
2013-12-16 16:10 - 2013-12-27 11: ____D C:\FRST
2013-12-15 19:28 - 2013-12-24 15:20 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\QuickScan
2013-12-15 19:14 - 2013-12-15 19:43 - 3133878462 _____ C:\avenger.txt
2013-12-15 09:58 - 2013-12-15 10:57 - 00001912 _____ C:\Windows\epplauncher.mif
2013-12-15 09:45 - 2013-12-21 21: ____H C:\Windows\Tasks\User_Feed_Synchronization-{792C0784-4E0D-417A-B5F3-2D5B5D6A4312}.job
2013-12-12 19:16 - 2013-12-12 19:15 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-12 19:16 - 2013-12-12 19:15 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-12 19:16 - 2013-12-12 19:15 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-12 19:16 - 2013-12-12 19:15 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-12-06 14:54 - 2013-12-22 15:26 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-06 14:54 - 2013-12-06 14:55 - 00000000 ____D C:\Program Files\iTunes
2013-12-06 14:54 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2013-12-27 11:: _____ C:\Users\Joerg\Desktop\FRST.txt
2013-12-27 11::10 - 01061649 _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe
2013-12-27 11::10 - 00000000 ____D C:\FRST
2013-12-27 11::51 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-27 11:: ____H C:\Windows\Tasks\SA.DAT
2013-12-27 11::47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-27 11::47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-27 11::45 - 00000000 ____D C:\AdwCleaner
2013-12-27 11::42 - 01268642 _____ C:\Windows\WindowsUpdate.log
2013-12-27 11:: _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-27 10:58 - 2013-12-27 10:58 - 00003706 _____ C:\Users\Joerg\Desktop\AdwCleaner[S1].txt
2013-12-27 10:44 - 2013-12-27 10:52 - 01233962 _____ C:\Users\Joerg\Desktop\adwcleaner.exe
2013-12-26 09:31 - 2008-03-11 19:17 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Adobe
2013-12-26 09:19 - 2013-12-26 09:19 - 00000000 ____D C:\Users\Joerg\Desktop\Teleskopsteuerung
2013-12-26 09:19 - 2013-12-26 09:19 - 00000000 ____D C:\Users\Joerg\Desktop\Astronomie
2013-12-26 09:18 - 2013-11-26 16:58 - 00000000 ____D C:\ProgramData\ProductData
2013-12-24 18:18 - 2008-03-11 18:55 - 00000000 ____D C:\Users\Joerg
2013-12-24 18:16 - 2013-12-24 16:41 - 00002480 _____ C:\Windows\logboot_24.12.2013.tureg.log
2013-12-24 18:16 - 2006-11-02 11:22 - 83886080 _____ C:\Windows\system32\config\SOFTWARE_tureg_old
2013-12-24 18:16 - 2006-11-02 11:22 - 53739520 _____ C:\Windows\system32\config\SYSTEM_tureg_old
2013-12-24 18:16 - 2006-11-02 11:22 - 36438016 _____ C:\Windows\system32\config\COMPONENTS_tureg_old
2013-12-24 18:16 - 2006-11-02 11:22 - 00524288 _____ C:\Windows\system32\config\DEFAULT_tureg_old
2013-12-24 18:16 - 2006-11-02 11:22 - 00028672 _____ C:\Windows\system32\config\SECURITY_tureg_old
2013-12-24 16:39 - 2006-11-02 11:22 - 00204800 _____ C:\Windows\system32\config\SAM_tureg_old
2013-12-24 16:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\LogFiles
2013-12-24 16:17 - 2008-03-11 19:22 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Util
2013-12-24 16:15 - 2013-12-24 16:15 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Avira
2013-12-24 16:13 - 2013-12-24 16:13 - 00000000 ____D C:\ProgramData\Avira
2013-12-24 16:13 - 2013-12-24 16:13 - 00000000 ____D C:\Program Files\Avira
2013-12-24 16::30 - 00000000 ____D C:\Program Files\Norton Internet Security CBE
2013-12-24 16::38 - 00000000 ____D C:\ProgramData\Norton
2013-12-24 15:20 - 2013-12-15 19:28 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\QuickScan
2013-12-23 19:35 - 2012-12-29 20:47 - 00000000 ____D C:\Users\Joerg\AppData\Local\CrashDumps
2013-12-23 10:21 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-23 10:18 - 2006-11-02 11:33 - 01592432 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-23 09:54 - 2012-06-11 11:39 - 02438576 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-23 09:44 - 2013-12-18 17:34 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-12-23 09:42 - 2012-06-10 09:36 - 00142992 _____ C:\Users\Joerg\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-23 09:23 - 2009-05-31 16:17 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\KeePass
2013-12-23 09:23 - 2008-03-14 17:51 - 00000000 ____D C:\Users\Joerg\Documents\Sonstiges
2013-12-23 08:59 - 2013-12-23 08:59 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\CalculatedFieldsPlugin
2013-12-22 17:24 - 2013-12-22 17:24 - 00000031 _____ C:\fcStart.ini
2013-12-22 17:18 - 2013-02-07 19:30 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-12-22 17::15 - 00000000 ____D C:\Windows\pss
2013-12-22 15:27 - 2013-11-26 16:58 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\IObit
2013-12-22 15:27 - 2013-11-24 17:11 - 00000000 ____D C:\Users\Joerg\Documents\StreamTransport
2013-12-22 15:27 - 2013-09-25 13:20 - 00000000 ____D C:\Users\Joerg\Documents\FotoMorph Data
2013-12-22 15:27 - 2013-07-27 13:32 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\ContactConversionWizard
2013-12-22 15:27 - 2013-07-06 14:31 - 00000000 ____D C:\Users\Joerg\AppData\Local\Temp8409436aa8c8fe2607f46d888894a0a2
2013-12-22 15:27 - 2013-07-06 14:31 - 00000000 ____D C:\Users\Joerg\AppData\Local\Temp57e798956ff6945e831cb73b3f5ebe6d
2013-12-22 15:27 - 2013-04-28 16: ____D C:\Users\Joerg\AppData\Roaming\MyPhoneExplorer
2013-12-22 15:27 - 2013-04-01 08:49 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\mp3DirectCut
2013-12-22 15:27 - 2013-03-10 10:28 - 00000000 ___RD C:\Users\Joerg\Desktop\Fotografie
2013-12-22 15:27 - 2012-08-21 18:41 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\PhotoFiltre 7
2013-12-22 15:27 - 2012-06-08 17:55 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\TwonkyServer
2013-12-22 15:27 - 2012-05-21 16:49 - 00000000 ___SD C:\Users\Joerg\Google Drive
2013-12-22 15:27 - 2012-04-17 14:30 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\DVDVideoSoft
2013-12-22 15:27 - 2012-02-27 20:10 - 00000000 ____D C:\Users\Joerg\XnViewPortable
2013-12-22 15:27 - 2012-01-02 20: ____D C:\Users\Joerg\AppData\Roaming\Chipcardmaster
2013-12-22 15:27 - 2011-12-25 11:53 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\SmartLine
2013-12-22 15:27 - 2011-12-05 19:51 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\MediaMonkey
2013-12-22 15:27 - 2011-12-03 11:34 - 00000000 ___RD C:\Users\Joerg\Documents\Dropbox
2013-12-22 15:27 - 2011-05-03 18:56 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\gtk-2.0
2013-12-22 15:27 - 2011-05-03 15:20 - 00000000 ____D C:\Users\Joerg\Gpredict
2013-12-22 15:27 - 2011-02-05 21:11 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\PhotoScape
2013-12-22 15:27 - 2010-10-28 09:42 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\DynaGeo
2013-12-22 15:27 - 2010-10-28 09:32 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Notepad++
2013-12-22 15:27 - 2010-09-19 11:16 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Ahnenblatt
2013-12-22 15:27 - 2010-06-21 17:23 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\GeoSetter
2013-12-22 15:27 - 2010-05-29 20:55 - 00000000 ___RD C:\Users\Joerg\Desktop\Sport
2013-12-22 15:27 - 2009-09-23 19: ____D C:\Users\Joerg\AppData\Roaming\EQMOD
2013-12-22 15:27 - 2009-09-04 18: ____D C:\Users\Joerg\AppData\Roaming\Nvu
2013-12-22 15:27 - 2009-08-12 19:33 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\dvdcss
2013-12-22 15:27 - 2009-08-03 08:56 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\vlc
2013-12-22 15:27 - 2009-02-19 14:20 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\skychart
2013-12-22 15:27 - 2008-06-13 18:42 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-12-22 15:27 - 2008-05-01 10:21 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Skype
2013-12-22 15:27 - 2008-04-20 09:29 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Thunderbird
2013-12-22 15:27 - 2008-04-17 18:39 - 00000000 ____D C:\Users\Joerg\Documents\TrackMania
2013-12-22 15:27 - 2008-03-22 14:22 - 00000000 ___RD C:\Users\Joerg\Desktop\Games
2013-12-22 15:27 - 2008-03-14 18:54 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Synchronizer
2013-12-22 15:27 - 2008-03-14 18:38 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Stellarium
2013-12-22 15:27 - 2008-03-14 17:45 - 00000000 ___SD C:\Users\Joerg\Documents\Meine Shapes
2013-12-22 15:27 - 2008-03-14 17:45 - 00000000 ____D C:\Users\Joerg\Documents\Navigation
2013-12-22 15:27 - 2008-03-14 17:41 - 00000000 ____D C:\Users\Joerg\Documents\MediaShows
2013-12-22 15:27 - 2008-03-14 17:40 - 00000000 ____D C:\Users\Joerg\Documents\Cartes du Ciel
2013-12-22 15:27 - 2008-03-14 17:40 - 00000000 ____D C:\Users\Joerg\Documents\Astronomie
2013-12-22 15:27 - 2008-03-11 19:23 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Online
2013-12-22 15:27 - 2008-03-11 19:21 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anwendung
2013-12-22 15:27 - 2008-03-11 18:56 - 00000000 ____D
C:\Users\Joerg\AppData\Local\TVEnhance 2013-12-22 15:27 - 2008-03-11 18:55 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-12-22 15:27 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Defender 2013-12-22 15:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\spool 2013-12-22 15:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\Msdtc 2013-12-22 15:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system 2013-12-22 15:26 - 2013-12-06 14:54 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-12-22 15:26 - 2013-07-06 14:31 - 00000000 ____D C:\Users\Joerg\AppData\Local\Temp4195a7306b30f4fd47dce8db05cd6580 2013-12-22 15:26 - 2012-04-17 14:31 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2013-12-22 15:26 - 2010-10-29 21:53 - 00000000 ____D C:\ProgramData\FLEXnet 2013-12-22 15:26 - 2010-10-29 20:10 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-12-22 15:26 - 2010-02-13 10:44 - 00000000 ____D C:\Users\Joerg\.jskat 2013-12-22 15:26 - 2009-08-30 09:41 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine 2013-12-22 15:26 - 2009-02-19 14:25 - 00000000 ____D C:\Users\Joerg\AppData\Local\Skychart 2013-12-22 15:26 - 2008-04-26 09:14 - 00000000 ____D C:\Users\Joerg\AppData\Local\MediaMonkey 2013-12-22 15:26 - 2007-10-10 12: ____D C:\Program Files\Adobe 2013-12-22 15:25 - 2013-12-17 17:49 - 00000000 ____D C:\ComboFix 2013-12-22 15:24 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration 2013-12-22 10:43 - 2006-11-02 11:22 - 83099648 _____ C:\Windows\system32\config\software_previous 2013-12-22 10:43 - 2006-11-02 11:22 - 53739520 _____ C:\Windows\system32\config\system_previous 2013-12-22 10:43 - 2006-11-02 11:22 - 36438016 _____ C:\Windows\system32\config\components_previous 2013-12-22 10:43 - 2006-11-02 11:22 - 00319488 _____ C:\Windows\system32\config\default_previous 2013-12-22 10:43 - 2006-11-02 11:22 - 00204800 _____ 
C:\Windows\system32\config\sam_previous 2013-12-22 10:43 - 2006-11-02 11:22 - 00028672 _____ C:\Windows\system32\config\security_previous 2013-12-22 10:24 - 2012-09-03 15:56 - 00000000 ____D C:\Users\DEG 2013-12-22 10:24 - 2010-11-10 16:29 - 00000000 ____D C:\Users\Catherine-Sophie 2013-12-22 10:24 - 2008-04-20 10:13 - 00000000 ____D C:\Users\Dominik 2013-12-22 10:24 - 2008-03-13 19: ____D C:\Users\Gast 2013-12-21 21::45 - 00000392 ____H C:\Windows\Tasks\User_Feed_Synchronization-{792C0784-4E0D-417A-B5F3-2D5B5D6A4312}.job 2013-12-21 20:16 - 2006-11-02 11:22 - 83361792 _____ C:\Windows\system32\config\software.old 2013-12-21 20:16 - 2006-11-02 11:22 - 53739520 _____ C:\Windows\system32\config\system.old 2013-12-21 20:16 - 2006-11-02 11:22 - 36438016 _____ C:\Windows\system32\config\components.old 2013-12-21 20:16 - 2006-11-02 11:22 - 00524288 _____ C:\Windows\system32\config\default.old 2013-12-21 20:16 - 2006-11-02 11:22 - 00204800 _____ C:\Windows\system32\config\sam.old 2013-12-21 20:16 - 2006-11-02 11:22 - 00028672 _____ C:\Windows\system32\config\security.old 2013-12-21 20:13 - 2013-12-21 20:13 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Macromedia 2013-12-21 17:20 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE 2013-12-21 16:45 - 2013-10-09 09:49 - 00000000 ____D C:\Users\Carmen\AppData\Roaming\JFritz 2013-12-21 16:40 - 2008-03-21 20:28 - 00142992 _____ C:\Users\Carmen\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-21 15:17 - 2010-05-22 16:49 - 00000000 ____D C:\Users\Joerg\AppData\Local\FixItCenter 2013-12-21 15:: ____D C:\Program Files\Windows Resource Kits 2013-12-21 10:: ____D C:\Program Files\Chipcardmaster 2013-12-21 09:45 - 2013-03-27 17: ____D C:\Program Files\AusweisApp 2013-12-21 09:41 - 2012-02-21 16:36 - 00000000 ____D C:\Users\Joerg\.ausweisapp 2013-12-20 18:43 - 2007-10-10 12: ____D C:\ProgramData\Adobe 2013-12-19 20:27 - 2013-12-19 20:27 - 00000000 ____D C:\ProgramData\WindowsSearch 2013-12-19 13:49 - 2013-12-19 13:53 - 00891200 
_____ C:\Users\Joerg\Desktop\SecurityCheck.exe 2013-12-19 13:48 - 2013-12-19 13:53 - 02347384 _____ (ESET) C:\Users\Joerg\Desktop\esetsmartinstaller_enu.exe 2013-12-18 17:51 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public 2013-12-18 17:45 - 2006-11-02 11:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_676 2013-12-18 17:34 - 2013-12-18 17:34 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat 2013-12-18 17:32 - 2013-12-18 17:32 - 00000000 ____D C:\RegBackup 2013-12-18 16:: ____D C:\Windows\ERUNT 2013-12-18 15:26 - 2013-12-18 15:26 - 00000618 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-18 15:24 - 2013-12-18 15:25 - 01034531 _____ (Thisisu) C:\Users\Joerg\Desktop\JRT.exe 2013-12-17 18:14 - 2013-12-17 18:14 - 00027224 _____ C:\ComboFix.txt 2013-12-17 18:13 - 2013-12-17 17:34 - 00000000 ____D C:\Qoobox 2013-12-17 18:11 - 2013-12-17 16:14 - 00000000 ____D C:\Windows\erdnt 2013-12-17 18::23 - 00000215 _____ C:\Windows\system.ini 2013-12-17 18::23 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts_bak_663 2013-12-17 16::58 - 00000000 ____D C:\ProgramData\IObit 2013-12-17 16::30 - 05155004 ____R (Swearware) C:\Users\Joerg\Desktop\ComboFix.exe 2013-12-15 19:43 - 2013-12-15 19:14 - 3133878462 _____ C:\avenger.txt 2013-12-15 19:14 - 2011-01-26 19:37 - 00000000 ____D C:\Windows\Sun 2013-12-15 18::27 - 00000000 ____D C:\Program Files\TuneUp Utilities 2013 2013-12-15 17:22 - 2012-06-17 18: _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-12-15 17:22 - 2011-06-23 09:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-12-15 17:22 - 2008-04-05 17: ____D C:\Program Files\Google 2013-12-15 10:57 - 2013-12-15 09:58 - 00001912 _____ C:\Windows\epplauncher.mif 2013-12-15 09:32 - 2010-05-28 19:30 - 01056768 _____ C:\Windows\system32\defltbase.sdb 2013-12-13 20:20 - 2009-09-06 21:26 - 00000000 ____D 
C:\Users\Joerg\AppData\Roaming\Media Player Classic 2013-12-13 19:22 - 2008-04-23 18:40 - 00050688 _____ C:\Users\Joerg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-12-12 19:32 - 2008-03-12 20:38 - 00000000 ____D C:\Users\Joerg\AppData\Local\Adobe 2013-12-12 19:17 - 2013-10-04 19:25 - 00000000 ____D C:\ProgramData\Oracle 2013-12-12 19:15 - 2013-12-12 19:16 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-12-12 19:15 - 2013-12-12 19:16 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-12-12 19:15 - 2013-12-12 19:16 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-12-12 19:15 - 2013-12-12 19:16 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-12-12 18::41 - 00000000 ____D C:\Program Files\StarMoney 8.0 S-Edition 2013-12-12 17:49 - 2012-10-10 17:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-12-11 17:47 - 2007-10-10 11:37 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-11 17:44 - 2013-07-23 19:59 - 00000000 ____D C:\Windows\system32\MRT 2013-12-11 17:40 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-12-09 11:37 - 2013-12-24 16:13 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-12-09 11:37 - 2013-12-24 16:13 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-09 11:37 - 2013-12-24 16:13 - 00037352 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-12-09 11:37 - 2013-12-24 16:13 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2013-12-08 15:24 - 2012-11-18 18:24 - 00000000 ____D C:\Users\Joerg\AppData\Local\Rohos 2013-12-08 10::52 - 00000000 ____D C:\Program Files\Astronomie 2013-12-08 09:56 - 2008-05-01 10:20 - 00000000 ____D C:\ProgramData\Skype 2013-12-06 17:24 - 2013-11-26 16:58 - 00001166 _____ C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2013-12-06 14:55 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iTunes 2013-12-06 14:54 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iPod 2013-12-06 14:54 - 2011-03-15 19:14 - 00000000 ____D C:\ProgramData\Apple Computer 2013-12-06 14:54 - 2011-03-15 19: ____D C:\Program Files\Common Files\Apple 2013-12-05 19:23 - 2011-08-23 17:37 - 00002629 _____ C:\Users\Joerg\BT747SettingsJ2SE.pdb 2013-12-05 17:31 - 2011-08-22 12:27 - 00000000 ____D C:\Users\Joerg\Documents\ezTour_Workspace 2013-12-05 17::23 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-12-04 18:23 - 2011-10-03 14:52 - 00000000 ____D C:\Users\Joerg\AppData\Local\Eye-Fi 2013-12-04 18:10 - 2011-10-03 14:52 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Eye-Fi 2013-11-27 15:54 - 2008-04-20 15:17 - 00000000 ____D C:\Users\Carmen\Documents\Eigene Dokumente ZeroAccess: C:\Program Files\Google\Desktop\Install Some content of TEMP: ==================== C:\Users\Joerg\AppData\Local\temp\avgnt.exe C:\Users\Joerg\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 
is legit
LastRegBack: 2013-12-27 10:55
==================== End Of Log ============================
--- --- ---
Thanks and bye, Jörg |
28.12.2013, 08:27 | #26 |
/// the machine /// TB-Ausbilder | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ZeroAccess: C:\Program Files\Google\Desktop\Install
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Regards, schrauber |
28.12.2013, 09:29 | #27 |
| Good day Schrauber, here is the Fixlog: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-12-2013 01
Ran by Joerg at 2013-12-28 09:21:40 Run:2
Running from C:\Users\Joerg\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ZeroAccess: C:\Program Files\Google\Desktop\Install
*****************
"C:\Program Files\Google\Desktop\Install" directory move:
Could not move "C:\Program Files\Google\Desktop\Install" directory. => Scheduled to move on reboot.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-12-28 09:25:23)<=
C:\Program Files\Google\Desktop\Install => Is moved successfully.
==== End of Fixlog ====
I wish you a pleasant "rest of the weekend". Jörg |
28.12.2013, 18:16 | #28 |
/// the machine /// TB-Ausbilder | Please zip the folder and attach it. Also a fresh FRST log, please.
__________________ Regards, schrauber |
28.12.2013, 20:51 | #29 |
| Good evening, when "zipping" the folder, a message appeared (see the PDF for details). I had to rename the folder ("Ominöser Ordner") so that I could zip it. Unfortunately, uploading the zipped folder does not work (because it is 0 bytes in size or because I am making a mistake). And once again a new FRST.txt. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2013 01 Ran by Joerg (administrator) on DESKTOP on 28-12-2013 20:44:11 Running from C:\Users\Joerg\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 7 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe (REINER SCT) C:\Windows\System32\cjpcsc.exe (devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation) C:\Windows\ehome\ehsched.exe (IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (X10) C:\Program Files\Common Files\X10\Common\X10nets.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Mozilla Corporation) C:\Program Files\Online\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Marek Jasinski - www.FreeCommander.com) C:\Program Files\Util\FreeCommander\FreeCommander.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor) HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.) HKLM\...\Run: [NUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation) HKLM\...\Run: [RUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - KHALMNPR.EXE HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Policies\Explorer: [ShowDriveLettersFirst] 4 HKCU\...\Run: [SyncService] - C:\Program Files\SYNCING.NET\bin\SyncService.exe [1730144 2013-08-20] (ASBYTE) HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1 HKCU\...\Policies\Explorer: [CDRAutoRun] 0 HKU\Carmen\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Carmen\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH) HKU\Carmen\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe HKU\Carmen\...\Policies\system: [LogonHoursAction] 2 HKU\Carmen\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Catherine-Sophie\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Catherine-Sophie\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent HKU\Catherine-Sophie\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe HKU\Catherine-Sophie\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.) 
HKU\Catherine-Sophie\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\Catherine-Sophie\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Catherine-Sophie\...\Policies\system: [LogonHoursAction] 2 HKU\Catherine-Sophie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\DEG\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent HKU\DEG\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\DEG\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\DEG\...\Policies\system: [LogonHoursAction] 2 HKU\DEG\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Dominik\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Dominik\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH) HKU\Dominik\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden HKU\Dominik\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.) 
HKU\Dominik\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\Dominik\...\RunOnce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_de;_rv:1.9.1.2)_Gecko/20090729_Firefox/3.5.2_(.NET_CLR_3.5.30729)" -"hxxp://www.nordsee-club24.de/blog/urlaub/kinder-und-jugendreisen/campus-nordsee-gaestehaus.html" HKU\Dominik\...\Policies\system: [LogonHoursAction] 2 HKU\Dominik\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Gast\...\Run: [BullGuard] - "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" HKU\Gast\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Gast\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH) HKU\Gast\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe HKU\Gast\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.) 
HKU\Gast\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\Gast\...\RunOnce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_de;_rv:1.9.1.2)_Gecko/20090729_Firefox/3.5.2_(.NET_CLR_3.5.30729)" -"hxxp://www.nordsee-club24.de/blog/urlaub/kinder-und-jugendreisen/campus-nordsee-gaestehaus.html" HKU\Gast\...\Policies\system: [LogonHoursAction] 2 HKU\Gast\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\UpdatusUser\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent HKU\UpdatusUser\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe HKU\UpdatusUser\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.) HKU\UpdatusUser\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\UpdatusUser\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\UpdatusUser\...\Policies\system: [LogonHoursAction] 2 HKU\UpdatusUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Lsa: [Authentication Packages] msv1_0 relog_ap Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie SearchScopes: HKLM - DefaultScope value is missing. BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - No File BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: AusweisApp 1.8.0.0 - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - No File Toolbar: HKCU - No Name - {968631B6-4729-440D-9BF4-251F5593EC9A} - No File Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: 
{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: ica - 
{CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File ShellExecuteHooks: CExecuteHook Object - {7B0E5486-E11D-437f-AC8B-7901C7D3FCCB} - C:\Program Files\SYNCING.NET\bin\ShellUI.dll [1198176 2013-08-20] (ASBYTE) Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Tcpip\..\Interfaces\{5D24B219-8B75-42F7-B0E3-E3BA710ACB43}: [NameServer]192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887 FF Homepage: hxxp://www.ighome.com/?t=336956 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) 
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 - I:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @photodex.com/PhotodexPresenter - C:\Program Files\Photodex Presenter\npPxPlay.dll ( ) FF Plugin: @reiner-sct.com/OWOK,version=2.0.0.4 - C:\Program Files\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll (REINER Kartengeräte GmbH und Co. KG.) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\Multimedia\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Joerg\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Joerg\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF Extension: Разпознаване на устройство Logitech - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\DeviceDetection@logitech.com
FF Extension: FRITZ!Box AddOn - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\fb_add_on@avm.de
FF Extension: Foxdie - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\Foxdie@tanjihay.com
FF Extension: Foxdie (Graphite) - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\FoxdieGraphite@tanjihay.com
FF Extension: Geolocater - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\geolocater@3liz.com
FF Extension: KeeFox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\keefox@chris.tomlinson
FF Extension: Youtube MP3 Podcaster - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com
FF Extension: Forecastfox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF Extension: Garmin Communicator - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: Universal Print - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{BE2100B3-1D80-48eb-ACCF-D26750644378}
FF Extension: Bitdefender QuickScan - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: FireJump - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\firejump@firejump.net.xpi
FF Extension: NASA Night Launch - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\nasanightlaunch@example.com.xpi
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\YoutubeDownloader@PeterOlayev.com.xpi
FF Extension: TweakTube - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed}.xpi
FF Extension: Integrated Inbox for Gmail & Google Apps - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
FF Extension: X-notifier - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
FF Extension: AddonFox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}.xpi
FF Extension: Adblock Plus - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: DownThemAll! - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{4F3D26C8-9907-48ff-BC74-B8C572D317BF}] - C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win
FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win
FF HKLM\...\Firefox\Extensions: [{4F0963A3-1658-4fde-9585-23A25CC288BF}] - C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win
FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win
FF HKCU\...\Firefox\Extensions: [{a3490cb9-8f1a-4bc5-b1a7-6c2bc4b83424}] - C:\Program Files\Show-Password\136.xpi
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Online\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR DefaultSearchURL: hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR DefaultNewTabURL:
CHR Plugin: (Photodex Presenter Plugin) - C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
CHR Extension: (Amazon-Icon) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_1
CHR Extension: (Google Wallet) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR HKLM\...\Chrome\Extension: [logekkkdbdidmmcgkonmmonclldogceg] - C:\Program Files\Show-Password\136.crx
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Joerg\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Joerg\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================
S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2007-08-31] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
S4 BotkindSyncService; I:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2013-12-12] ()
R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
S4 CVPND; N:\Program Files\DEG\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3526136 2013-08-27] (devolo AG)
S4 gupdate1c98625899d211c; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-03] (Google Inc.)
S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2009-07-20] (Logitech, Inc.)
R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-11-26] (IObit)
R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251184 2008-07-11] (BUFFALO INC.)
S4 Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S4 PMBDeviceInfoProvider; N:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation)
S4 RemoteAccess; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 Rohos Disk; C:\Program Files\Rohos\agent.exe [813400 2012-08-24] (Tesline-Service SRL)
S4 SN_Service; C:\Program Files\SYNCING.NET\bin\SN_Service.exe [32768 2013-05-03] (ASBYTE)
S4 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S4 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1729336 2013-10-11] (TuneUp Software)
S3 TwonkyProxy; C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe [545608 2012-05-03] ()
S3 TwonkyServer; C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe [541512 2012-05-03] (PacketVideo)
S3 TwonkyWebDav; C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe [271176 2012-05-03] ()
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================
R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [1006816 2009-09-24] (NXP Semiconductors Germany GmbH)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-02-26] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)
S3 camvid20; C:\Windows\System32\DRIVERS\camdrv21.sys [253909 2004-05-19] (Philips Components BU Imaging Solutions)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. )
S3 FNETTHJM; C:\Windows\System32\drivers\fnetthjm.sys [23936 2010-09-07] (FNet Co., Ltd.)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2007-10-15] (Intel Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-11-24] ()
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [50560 2008-05-27] (Generic USB smartcard reader)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [554496 2007-09-21] (Ralink Technology Corp.)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2013-08-27] (CACE Technologies)
R1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [77184 2004-03-09] (Protection Technology)
R0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [65504 2004-03-09] (Protection Technology)
R0 prosync1; C:\Windows\System32\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-07-01] ()
R2 RHDISK; C:\Program Files\Rohos\RHDISK.SYS [40960 2012-08-23] (Tesline-Service SRL)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [80896 2012-05-10] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [172032 2012-05-10] (Renesas Electronics Corporation)
R0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology)
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [83320 2007-02-08] (Protection Technology (StarForce))
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2011-01-27] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58496 2011-01-27] (Silicon Laboratories)
S3 SIUSBXP; C:\Windows\System32\drivers\SiUSBXp.sys [14848 2009-03-09] (Silicon Laboratories)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-09-28] ()
S3 StMp3Rec; C:\Windows\System32\Drivers\StMp3Rec.sys [19840 2007-06-15] (Generic)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [27936 2008-07-15] (RapidSolution Software AG)
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368736 2008-03-29] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44416 2008-03-29] (Acronis)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-08-28] (TuneUp Software)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2010-07-07] (Texas Instruments)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S2 adfs; No ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 GigasetGenericUSB; system32\DRIVERS\GigasetGenericUSB.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [x]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [x]
S3 TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-12-28 20:44 - 2013-12-28 20:44 - 00033400 _____ C:\Users\Joerg\Desktop\FRST.txt
2013-12-28 20:44 - 2013-12-28 20:44 - 00000000 ____D C:\Users\Joerg\Desktop\FRST-OlderVersion
2013-12-28 20:39 - 2013-12-28 20:39 - 00000000 _____ C:\Users\Joerg\Desktop\Ominöser Ordner.zip
2013-12-27 10:52 - 2013-12-27 10:44 - 01233962 _____ C:\Users\Joerg\Desktop\adwcleaner.exe
2013-12-26 09:19 - 2013-12-26 09:19 - 00000000 ____D C:\Users\Joerg\Desktop\Teleskopsteuerung
2013-12-26 09:19 - 2013-12-26 09:19 - 00000000 ____D C:\Users\Joerg\Desktop\Astronomie
2013-12-24 16:41 - 2013-12-24 18:16 - 00002480 _____ C:\Windows\logboot_24.12.2013.tureg.log
2013-12-24 16:15 - 2013-12-24 16:15 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Avira
2013-12-24 16:13 - 2013-12-24 16:13 - 00000000 ____D C:\ProgramData\Avira
2013-12-24 16:13 - 2013-12-24 16:13 - 00000000 ____D C:\Program Files\Avira
2013-12-24 16:13 - 2013-12-09 11:37 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-24 16:13 - 2013-12-09 11:37 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-24 16:13 - 2013-12-09 11:37 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-12-24 16:13 - 2013-12-09 11:37 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-12-23 08:59 - 2013-12-23 08:59 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\CalculatedFieldsPlugin
2013-12-22 17:24 - 2013-12-22 17:24 - 00000031 _____ C:\fcStart.ini
2013-12-21 20:13 - 2013-12-21 20:13 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Macromedia
2013-12-21 15:03 - 2013-12-21 15:03 - 00000000 ____D C:\Program Files\Windows Resource Kits
2013-12-21 09:30 - 2013-12-24 16:09 - 00000000 ____D C:\Program Files\Norton Internet Security CBE
2013-12-20 18:16 - 2009-08-19 22:50 - 00022872 _____ (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll
2013-12-19 20:27 - 2013-12-19 20:27 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-12-19 13:53 - 2013-12-19 13:49 - 00891200 _____ C:\Users\Joerg\Desktop\SecurityCheck.exe
2013-12-19 13:53 - 2013-12-19 13:48 - 02347384 _____ (ESET) C:\Users\Joerg\Desktop\esetsmartinstaller_enu.exe
2013-12-18 17:51 - 2013-12-28 14:25 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-18 17:34 - 2013-12-23 09:44 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-12-18 17:34 - 2013-12-18 17:34 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-12-18 17:32 - 2013-12-18 17:32 - 00000000 ____D C:\RegBackup
2013-12-18 16:00 - 2013-12-18 16:00 - 00000000 ____D C:\Windows\ERUNT
2013-12-18 15:45 - 2013-12-27 11:00 - 00000000 ____D C:\AdwCleaner
2013-12-18 15:26 - 2013-12-18 15:26 - 00000618 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-18 15:25 - 2013-12-18 15:24 - 01034531 _____ (Thisisu) C:\Users\Joerg\Desktop\JRT.exe
2013-12-17 18:14 - 2013-12-17 18:14 - 00027224 _____ C:\ComboFix.txt
2013-12-17 17:49 - 2013-12-22 15:25 - 00000000 ____D C:\ComboFix
2013-12-17 17:34 - 2013-12-17 18:13 - 00000000 ____D C:\Qoobox
2013-12-17 17:30 - 2013-12-17 16:04 - 05155004 ____R (Swearware) C:\Users\Joerg\Desktop\ComboFix.exe
2013-12-17 16:17 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-17 16:17 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-17 16:17 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-17 16:17 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-17 16:17 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-17 16:17 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-17 16:17 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-17 16:17 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-17 16:14 - 2013-12-17 18:11 - 00000000 ____D C:\Windows\erdnt
2013-12-16 16:10 - 2013-12-28 20:44 - 01064037 _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe
2013-12-16 16:10 - 2013-12-28 20:44 - 00000000 ____D C:\FRST
2013-12-15 19:28 - 2013-12-27 11:12 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\QuickScan
2013-12-15 19:14 - 2013-12-15 19:43 - 3133878462 _____ C:\avenger.txt
2013-12-15 17:22 - 2013-12-15 17:22 - 00000000 ____D C:\Users\Joerg\Desktop\Ominöser Ordner
2013-12-15 09:58 - 2013-12-15 10:57 - 00001912 _____ C:\Windows\epplauncher.mif
2013-12-15 09:45 - 2013-12-21 21:01 - 00000392 ____H C:\Windows\Tasks\User_Feed_Synchronization-{792C0784-4E0D-417A-B5F3-2D5B5D6A4312}.job
2013-12-12 19:16 - 2013-12-12 19:15 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-12 19:16 - 2013-12-12 19:15 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-12 19:16 - 2013-12-12 19:15 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-12 19:16 - 2013-12-12 19:15 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-12-06 14:54 - 2013-12-22 15:26 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-06 14:54 - 2013-12-06 14:55 - 00000000 ____D C:\Program Files\iTunes
2013-12-06 14:54 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified Files and Folders =======
2013-12-28 20:45 - 2013-12-28 20:44 - 00033400 _____ C:\Users\Joerg\Desktop\FRST.txt
2013-12-28 20:44 - 2013-12-28 20:44 - 00000000 ____D C:\Users\Joerg\Desktop\FRST-OlderVersion
2013-12-28 20:44 - 2013-12-16 16:10 - 01064037 _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe
2013-12-28 20:44 - 2013-12-16 16:10 - 00000000 ____D C:\FRST
2013-12-28 20:40 - 2012-12-29 20:47 - 00000000 ____D C:\Users\Joerg\AppData\Local\CrashDumps
2013-12-28 20:39 - 2013-12-28 20:39 - 00000000 _____ C:\Users\Joerg\Desktop\Ominöser Ordner.zip
2013-12-28 20:24 - 2012-06-11 11:42 - 01294266 _____ C:\Windows\WindowsUpdate.log
2013-12-28 14:25 - 2013-12-18 17:51 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-28 14:25 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-28 14:25 - 2006-11-02 13:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-28 14:25 - 2006-11-02 13:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-28 09:22 - 2006-11-02 14:01 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-27 11:12 - 2013-12-15 19:28 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\QuickScan
2013-12-27 11:00 - 2013-12-18 15:45 - 00000000 ____D C:\AdwCleaner
2013-12-27 10:44 - 2013-12-27 10:52 - 01233962 _____ C:\Users\Joerg\Desktop\adwcleaner.exe
2013-12-26 09:31 - 2008-03-11 19:17 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Adobe
2013-12-26 09:19 - 2013-12-26 09:19 - 00000000 ____D C:\Users\Joerg\Desktop\Teleskopsteuerung
2013-12-26 09:19 - 2013-12-26 09:19 - 00000000 ____D C:\Users\Joerg\Desktop\Astronomie
2013-12-26 09:18 - 2013-11-26 16:58 - 00000000 ____D C:\ProgramData\ProductData
2013-12-24 18:18 - 2008-03-11 18:55 - 00000000 ____D C:\Users\Joerg
2013-12-24 18:16 - 2013-12-24 16:41 - 00002480 _____ C:\Windows\logboot_24.12.2013.tureg.log
2013-12-24 18:16 - 2006-11-02 11:22 - 83886080 _____ C:\Windows\system32\config\SOFTWARE_tureg_old
2013-12-24 18:16 - 2006-11-02 11:22 - 53739520 _____ C:\Windows\system32\config\SYSTEM_tureg_old
2013-12-24 18:16 - 2006-11-02 11:22 - 36438016 _____ C:\Windows\system32\config\COMPONENTS_tureg_old
2013-12-24 18:16 - 2006-11-02 11:22 - 00524288 _____ C:\Windows\system32\config\DEFAULT_tureg_old
2013-12-24 18:16 - 2006-11-02 11:22 - 00028672 _____ C:\Windows\system32\config\SECURITY_tureg_old
2013-12-24 16:39 - 2006-11-02 11:22 - 00204800 _____ C:\Windows\system32\config\SAM_tureg_old
2013-12-24 16:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\LogFiles
2013-12-24 16:17 - 2008-03-11 19:22 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Util
2013-12-24 16:15 - 2013-12-24 16:15 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Avira
2013-12-24 16:13 - 2013-12-24 16:13 - 00000000 ____D C:\ProgramData\Avira
2013-12-24 16:13 - 2013-12-24 16:13 - 00000000 ____D C:\Program Files\Avira
2013-12-24 16:09 - 2013-12-21 09:30 - 00000000 ____D C:\Program Files\Norton Internet Security CBE
2013-12-24 16:09 - 2012-11-25 09:38 - 00000000 ____D C:\ProgramData\Norton
2013-12-23 10:21 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-23 10:18 - 2006-11-02 11:33 - 01592432 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-23 09:54 - 2012-06-11 11:39 - 02438576 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-23 09:44 - 2013-12-18 17:34 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-12-23 09:42 - 2012-06-10 09:36 - 00142992 _____ C:\Users\Joerg\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-23 09:23 - 2009-05-31 16:17 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\KeePass
2013-12-23 09:23 - 2008-03-14 17:51 - 00000000 ____D C:\Users\Joerg\Documents\Sonstiges
2013-12-23 08:59 - 2013-12-23 08:59 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\CalculatedFieldsPlugin
2013-12-22 17:24 - 2013-12-22 17:24 - 00000031 _____ C:\fcStart.ini
2013-12-22 17:18 - 2013-02-07 19:30 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-12-22 17:01 - 2009-09-05 19:15 - 00000000 ____D C:\Windows\pss
2013-12-22 15:27 - 2013-11-26 16:58 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\IObit
2013-12-22 15:27 - 2013-11-24 17:11 - 00000000 ____D C:\Users\Joerg\Documents\StreamTransport
2013-12-22 15:27 - 2013-09-25 13:20 - 00000000 ____D C:\Users\Joerg\Documents\FotoMorph Data
2013-12-22 15:27 - 2013-07-27 13:32 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\ContactConversionWizard
2013-12-22 15:27 - 2013-07-06 14:31 - 00000000 ____D C:\Users\Joerg\AppData\Local\Temp8409436aa8c8fe2607f46d888894a0a2
2013-12-22 15:27 - 2013-07-06 14:31 - 00000000 ____D C:\Users\Joerg\AppData\Local\Temp57e798956ff6945e831cb73b3f5ebe6d
2013-12-22 15:27 - 2013-04-28 16:02 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\MyPhoneExplorer
2013-12-22 15:27 - 2013-04-01 08:49 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\mp3DirectCut
2013-12-22 15:27 - 2013-03-10 10:28 - 00000000 ___RD C:\Users\Joerg\Desktop\Fotografie
2013-12-22 15:27 - 2012-08-21 18:41 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\PhotoFiltre 7
2013-12-22 15:27 - 2012-06-08 17:55 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\TwonkyServer
2013-12-22 15:27 - 2012-05-21 16:49 - 00000000 ___SD C:\Users\Joerg\Google Drive
2013-12-22 15:27 - 2012-04-17 14:30 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\DVDVideoSoft
2013-12-22 15:27 - 2012-02-27 20:10 - 00000000 ____D C:\Users\Joerg\XnViewPortable
2013-12-22 15:27 - 2012-01-02 20:00 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Chipcardmaster
2013-12-22 15:27 - 2011-12-25 11:53 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\SmartLine
2013-12-22 15:27 - 2011-12-05 19:51 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\MediaMonkey
2013-12-22 15:27 - 2011-12-03 11:34 - 00000000 ___RD C:\Users\Joerg\Documents\Dropbox
2013-12-22 15:27 - 2011-05-03 18:56 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\gtk-2.0
2013-12-22 15:27 - 2011-05-03 15:20 - 00000000 ____D C:\Users\Joerg\Gpredict
2013-12-22 15:27 - 2011-02-05 21:11 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\PhotoScape
2013-12-22 15:27 - 2010-10-28 09:42 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\DynaGeo
2013-12-22 15:27 - 2010-10-28 09:32 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Notepad++
2013-12-22 15:27 - 2010-09-19 11:16 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Ahnenblatt
2013-12-22 15:27 - 2010-06-21 17:23 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\GeoSetter
2013-12-22 15:27 - 2010-05-29 20:55 - 00000000 ___RD C:\Users\Joerg\Desktop\Sport
2013-12-22 15:27 - 2009-09-23 19:02 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\EQMOD
2013-12-22 15:27 - 2009-09-04 18:01 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Nvu
2013-12-22 15:27 - 2009-08-12 19:33 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\dvdcss
2013-12-22 15:27 - 2009-08-03 08:56 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\vlc
2013-12-22 15:27 - 2009-02-19 14:20 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\skychart
2013-12-22 15:27 - 2008-06-13 18:42 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-12-22 15:27 - 2008-05-01 10:21 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Skype
2013-12-22 15:27 - 2008-04-20 09:29 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Thunderbird
2013-12-22 15:27 - 2008-04-17 18:39 - 00000000 ____D C:\Users\Joerg\Documents\TrackMania
2013-12-22 15:27 - 2008-03-22 14:22 - 00000000 ___RD C:\Users\Joerg\Desktop\Games
2013-12-22 15:27 - 2008-03-14 18:54 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Synchronizer
2013-12-22 15:27 - 2008-03-14 18:38 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Stellarium
2013-12-22 15:27 - 2008-03-14 17:45 - 00000000 ___SD C:\Users\Joerg\Documents\Meine Shapes
2013-12-22 15:27 - 2008-03-14 17:45 - 00000000 ____D C:\Users\Joerg\Documents\Navigation
2013-12-22 15:27 - 2008-03-14 17:41 - 00000000 ____D C:\Users\Joerg\Documents\MediaShows
2013-12-22 15:27 - 2008-03-14 17:40 - 00000000 ____D C:\Users\Joerg\Documents\Cartes du Ciel
2013-12-22 15:27 - 2008-03-14 17:40 - 00000000 ____D C:\Users\Joerg\Documents\Astronomie
2013-12-22 15:27 - 2008-03-11 19:23 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Online
2013-12-22 15:27 - 2008-03-11 19:21 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anwendung
2013-12-22 15:27 - 2008-03-11 18:56 - 00000000 ____D C:\Users\Joerg\AppData\Local\TVEnhance
2013-12-22 15:27 - 2008-03-11 18:55 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-22 15:27 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Defender
2013-12-22 15:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\spool
2013-12-22 15:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\Msdtc
2013-12-22 15:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system
2013-12-22 15:26 - 2013-12-06 14:54 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-22 15:26 - 2013-07-06 14:31 - 00000000 ____D C:\Users\Joerg\AppData\Local\Temp4195a7306b30f4fd47dce8db05cd6580
2013-12-22 15:26 - 2012-04-17 14:31 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-12-22 15:26 - 2010-10-29 21:53 - 00000000 ____D C:\ProgramData\FLEXnet
2013-12-22 15:26 - 2010-10-29 20:10 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-22 15:26 - 2010-02-13 10:44 - 00000000 ____D C:\Users\Joerg\.jskat
2013-12-22 15:26 - 2009-08-30 09:41 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2013-12-22 15:26 - 2009-02-19 14:25 - 00000000 ____D C:\Users\Joerg\AppData\Local\Skychart
2013-12-22 15:26 - 2008-04-26 09:14 - 00000000 ____D C:\Users\Joerg\AppData\Local\MediaMonkey
2013-12-22 15:26 - 2007-10-10 12:05 - 00000000 ____D C:\Program Files\Adobe
2013-12-22 15:25 - 2013-12-17 17:49 - 00000000 ____D C:\ComboFix
2013-12-22 15:24 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration
2013-12-22 10:43 - 2006-11-02 11:22 - 83099648 _____ C:\Windows\system32\config\software_previous
2013-12-22 10:43 - 2006-11-02 11:22 - 53739520 _____ C:\Windows\system32\config\system_previous
2013-12-22 10:43 - 2006-11-02 11:22 - 36438016 _____ C:\Windows\system32\config\components_previous
2013-12-22 10:43 - 2006-11-02 11:22 - 00319488 _____ C:\Windows\system32\config\default_previous
2013-12-22 10:43 - 2006-11-02 11:22 - 00204800 _____ C:\Windows\system32\config\sam_previous
2013-12-22 10:43 - 2006-11-02 11:22 - 00028672 _____ C:\Windows\system32\config\security_previous
2013-12-22 10:24 - 2012-09-03 15:56 - 00000000 ____D C:\Users\DEG
2013-12-22 10:24 - 2010-11-10 16:29 - 00000000 ____D C:\Users\Catherine-Sophie
2013-12-22 10:24 - 2008-04-20 10:13 - 00000000 ____D C:\Users\Dominik
2013-12-22 10:24 - 2008-03-13 19:00 - 00000000 ____D C:\Users\Gast
2013-12-21 21:01 - 2013-12-15 09:45 - 00000392 ____H C:\Windows\Tasks\User_Feed_Synchronization-{792C0784-4E0D-417A-B5F3-2D5B5D6A4312}.job
2013-12-21 20:16 - 2006-11-02 11:22 - 83361792 _____ C:\Windows\system32\config\software.old
2013-12-21 20:16 - 2006-11-02 11:22 - 53739520 _____ C:\Windows\system32\config\system.old
2013-12-21 20:16 - 2006-11-02 11:22 - 36438016 _____ C:\Windows\system32\config\components.old
2013-12-21 20:16 - 2006-11-02 11:22 - 00524288 _____ C:\Windows\system32\config\default.old
2013-12-21 20:16 - 2006-11-02 11:22 - 00204800 _____ C:\Windows\system32\config\sam.old
2013-12-21 20:16 - 2006-11-02 11:22 - 00028672 _____ C:\Windows\system32\config\security.old
2013-12-21 20:13 - 2013-12-21 20:13 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Macromedia
2013-12-21 17:20 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-21 16:45 - 2013-10-09 09:49 - 00000000 ____D C:\Users\Carmen\AppData\Roaming\JFritz
2013-12-21 16:40 - 2008-03-21 20:28 - 00142992 _____ C:\Users\Carmen\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-21 15:17 - 2010-05-22 16:49 - 00000000 ____D C:\Users\Joerg\AppData\Local\FixItCenter
2013-12-21 15:03 - 2013-12-21 15:03 - 00000000 ____D C:\Program Files\Windows Resource Kits
2013-12-21 10:08 - 2012-01-02 20:00 - 00000000 ____D C:\Program Files\Chipcardmaster
2013-12-21 09:45 - 2013-03-27 17:03 - 00000000 ____D C:\Program Files\AusweisApp
2013-12-21 09:41 - 2012-02-21 16:36 - 00000000 ____D C:\Users\Joerg\.ausweisapp
2013-12-20 18:43 - 2007-10-10 12:06 - 00000000 ____D C:\ProgramData\Adobe
2013-12-19 20:27 - 2013-12-19 20:27 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-12-19 13:49 - 2013-12-19 13:53 - 00891200 _____ C:\Users\Joerg\Desktop\SecurityCheck.exe
2013-12-19 13:48 - 2013-12-19 13:53 - 02347384 _____ (ESET) C:\Users\Joerg\Desktop\esetsmartinstaller_enu.exe
2013-12-18 17:51 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2013-12-18 17:45 - 2006-11-02 11:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_676
2013-12-18 17:34 - 2013-12-18 17:34 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-12-18 17:32 - 2013-12-18 17:32 - 00000000 ____D C:\RegBackup
2013-12-18 16:00 - 2013-12-18 16:00 - 00000000 ____D C:\Windows\ERUNT
2013-12-18 15:26 - 2013-12-18 15:26 - 00000618 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-18 15:24 - 2013-12-18 15:25 - 01034531 _____ (Thisisu) C:\Users\Joerg\Desktop\JRT.exe
2013-12-17 18:14 - 2013-12-17 18:14 - 00027224 _____ C:\ComboFix.txt
2013-12-17 18:13 - 2013-12-17 17:34 - 00000000 ____D C:\Qoobox
2013-12-17 18:11 - 2013-12-17 16:14 - 00000000 ____D C:\Windows\erdnt
2013-12-17 18:07 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini
2013-12-17 18:07 - 2006-11-02 11:23 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts_bak_663
2013-12-17 16:05 - 2013-11-26 16:58 - 00000000 ____D C:\ProgramData\IObit
2013-12-17 16:04 - 2013-12-17 17:30 - 05155004 ____R (Swearware) C:\Users\Joerg\Desktop\ComboFix.exe
2013-12-15 19:43 - 2013-12-15 19:14 - 3133878462 _____ C:\avenger.txt
2013-12-15 19:14 - 2011-01-26 19:37 - 00000000 ____D C:\Windows\Sun
2013-12-15 18:05 - 2012-09-20 13:27 - 00000000 ____D C:\Program Files\TuneUp Utilities 2013
2013-12-15 17:22 - 2013-12-15 17:22 - 00000000 ____D C:\Users\Joerg\Desktop\Ominöser Ordner
2013-12-15 17:22 - 2012-06-17 18:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-15 17:22 - 2011-06-23 09:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-15 17:22 - 2008-04-05 17:05 - 00000000 ____D C:\Program Files\Google
2013-12-15 10:57 - 2013-12-15 09:58 - 00001912 _____ C:\Windows\epplauncher.mif
2013-12-15 09:32 - 2010-05-28 19:30 - 01056768 _____ C:\Windows\system32\defltbase.sdb
2013-12-13 20:20 - 2009-09-06 21:26 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Media Player Classic
2013-12-13 19:22 - 2008-04-23 18:40 - 00050688 _____ C:\Users\Joerg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-12 19:32 - 2008-03-12 20:38 - 00000000 ____D C:\Users\Joerg\AppData\Local\Adobe
2013-12-12 19:17 - 2013-10-04 19:25 - 00000000 ____D C:\ProgramData\Oracle
2013-12-12 19:15 - 2013-12-12 19:16 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-12 19:15 - 2013-12-12 19:16 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-12 19:15 - 2013-12-12 19:16 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-12 19:15 - 2013-12-12 19:16 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-12-12 18:01 - 2012-07-10 08:41 - 
00000000 ____D C:\Program Files\StarMoney 8.0 S-Edition 2013-12-12 17:49 - 2012-10-10 17:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-12-11 17:47 - 2007-10-10 11:37 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-11 17:44 - 2013-07-23 19:59 - 00000000 ____D C:\Windows\system32\MRT 2013-12-11 17:40 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-12-09 11:37 - 2013-12-24 16:13 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-12-09 11:37 - 2013-12-24 16:13 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-09 11:37 - 2013-12-24 16:13 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-12-09 11:37 - 2013-12-24 16:13 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2013-12-08 15:24 - 2012-11-18 18:24 - 00000000 ____D C:\Users\Joerg\AppData\Local\Rohos 2013-12-08 10:07 - 2008-03-12 18:52 - 00000000 ____D C:\Program Files\Astronomie 2013-12-08 09:56 - 2008-05-01 10:20 - 00000000 ____D C:\ProgramData\Skype 2013-12-06 17:24 - 2013-11-26 16:58 - 00001166 _____ C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2013-12-06 14:55 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iTunes 2013-12-06 14:54 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iPod 2013-12-06 14:54 - 2011-03-15 19:14 - 00000000 ____D C:\ProgramData\Apple Computer 2013-12-06 14:54 - 2011-03-15 19:09 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-12-05 19:23 - 2011-08-23 17:37 - 00002629 _____ C:\Users\Joerg\BT747SettingsJ2SE.pdb 2013-12-05 17:31 - 2011-08-22 12:27 - 00000000 ____D C:\Users\Joerg\Documents\ezTour_Workspace 2013-12-05 17:00 - 2007-10-09 15:23 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-12-04 18:23 - 2011-10-03 14:52 - 00000000 ____D C:\Users\Joerg\AppData\Local\Eye-Fi 2013-12-04 
Some content of TEMP:
====================
C:\Users\Joerg\AppData\Local\temp\avgnt.exe
C:\Users\Joerg\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-28 14:31

==================== End Of Log ============================

Thanks, and see you soon.
Jörg

Edited by Joetra (28.12.2013 at 21:00) |
29.12.2013, 12:43 | #30 |
/// the machine /// TB trainer | Zero.access.c is on my system, Vista SP1, and, after cleanup, supposedly gone? You already deleted the folder once via Linux? Please do it again, and this folder too: C:\Program Files\Google\Desktop\Install
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |