Zero.access.c is on my system, Vista SP1, and, after cleaning, supposedly gone?
16.12.2013, 07:43 | #1 |
Hello everyone,

after almost 30 years of "trouble-free" computer use, it has now somehow caught up with me. Norton reports an infection with zero.access. After "cleaning" and rebooting several times, no message appears any more. Bitdefender is also of the opinion that my system is free of infection. According to my research on the net, however, this is apparently only a deceptive calm. That is why I am asking for your help.

There is one anomaly: I can no longer save downloaded files. When I tried to use online scanners, the download of the required files always failed: the files were not saved (tried with FF 24.2 and Chrome). Chrome reports that there is a problem with the antivirus software (Norton). The same problem occurs even with the protection software uninstalled.

What do you need in order to help me? And one more question: is it true that I really have to change ALL passwords? Since the infection I have only opened my mail account. My banking goes through an external card reader.

Windows Vista 32-bit, SP 1 is installed on my computer.

Oh, one more thing: I think I am what people call a DAU (but one with solid basic knowledge ;-)

Many thanks in advance for your patience.

Best regards,
Jörg
16.12.2013, 07:51 | #2 |
/// the machine /// TB trainer

hi,

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
16.12.2013, 16:24 | #3 |
Hello Schrauber,

thank you very much for your reply. I have carried out your instructions. The files are attached:

Addition.txt:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-12-2013 02 Ran by Joerg at 2013-12-16 16:13:37 Running from C:\Users\Joerg\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) 2007 Microsoft Office Suite Service Pack 2 (SP2) 2007 Microsoft Office Suite Service Pack 3 (SP3) 7-Zip 4.65 Acrobat.com (Version: 0.0.0) Acrobat.com (Version: 1.2.443) Acronis*True*Image*Home (Version: 11.0.8010) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0) Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.5.5) Adobe After Effects CS4 (Version: 9) Adobe After Effects CS4 Presets (Version: 9) Adobe After Effects CS4 Third Party Content (Version: 9) Adobe AIR (Version: 3.7.0.1530) Adobe Anchor Service CS4 (Version: 2.0) Adobe Asset Services CS4 (Version: 4) Adobe Bridge CS4 (Version: 3) Adobe CMaps CS4 (Version: 2.0) Adobe Color - Photoshop Specific CS4 (Version: 2.0) Adobe Color EU Recommended Settings CS4 (Version: 2.0) Adobe Color JA Extra Settings CS4 (Version: 2.0) Adobe Color NA Extra Settings CS4 (Version: 2.0) Adobe Color Video Profiles AE CS4 (Version: 2.0) Adobe Color Video Profiles CS CS4 (Version: 2.0) Adobe Contribute CS4 (Version: 5.0) Adobe Creative Suite 4 Master Collection (Version: 4.0) Adobe CS4 American English Speech Analysis Models (Version: 1) Adobe CSI CS4 (Version: 1) Adobe Default Language CS4 (Version: 2.0) Adobe Device Central CS4 (Version: 2) Adobe Dreamweaver CS4 (Version: 10.0) Adobe Drive CS4 (Version: 1) Adobe Dynamiclink Support (Version: 1) Adobe Encore CS4 (Version: 4) Adobe Encore CS4 Codecs (Version: 4) Adobe ExtendScript Toolkit CS4 (Version: 3.0.0) Adobe Extension Manager CS4 (Version: 2.0) Adobe Fireworks CS4 (Version: 10.0) Adobe Flash CS4 (Version: 10.0) Adobe Flash CS4 Extension - 
Flash Lite STI others (Version: 3.0) Adobe Flash CS4 STI-other (Version: 10.0) Adobe Flash Player 11 ActiveX (Version: 11.9.900.170) Adobe Flash Player 11 Plugin (Version: 11.9.900.170) Adobe Fonts All (Version: 2.0) Adobe Illustrator CS4 (Version: 14.0) Adobe InDesign CS4 (Version: 6.0) Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0) Adobe InDesign CS4 Common Base Files (Version: 6.0) Adobe InDesign CS4 Icon Handler (Version: 6.0) Adobe Linguistics CS4 (Version: 4.0.0) Adobe Media Encoder CS4 (Version: 1.0) Adobe Media Encoder CS4 Additional Exporter (Version: 1.0) Adobe Media Encoder CS4 Dolby (Version: 1.0) Adobe Media Encoder CS4 Exporter (Version: 1.0) Adobe Media Encoder CS4 Importer (Version: 1.0) Adobe Media Player (Version: 0.0.0) Adobe Media Player (Version: 1.1) Adobe MotionPicture Color Files CS4 (Version: 2.0) Adobe OnLocation CS4 (Version: 4) Adobe Output Module (Version: 2.0) Adobe PDF Library Files CS4 (Version: 9.0) Adobe Photoshop CS4 (Version: 11.0) Adobe Photoshop CS4 Support (Version: 11.0) Adobe Premiere Pro CS4 (Version: 4) Adobe Premiere Pro CS4 Functional Content (Version: 4) Adobe Premiere Pro CS4 Third Party Content (Version: 4) Adobe Reader X (10.1.4) - Deutsch (Version: 10.1.4) Adobe Search for Help (Version: 1.0) Adobe Service Manager Extension (Version: 1.0) Adobe Setup (Version: 2.0) Adobe SGM CS4 (Version: 3.0) Adobe Shockwave Player 12.0 (Version: 12.0.7.148) Adobe SING CS4 (Version: 2.0) Adobe Soundbooth CS4 (Version: 2) Adobe Soundbooth CS4 Codecs (Version: 2) Adobe Type Support CS4 (Version: 9.0) Adobe Update Manager CS4 (Version: 6.0.0) Adobe Version Cue CS4 Server (Version: 4.0) Adobe WinSoft Linguistics Plugin (Version: 1.1) Adobe XMP Panels CS4 (Version: 2.0) AdobeColorCommonSetCMYK (Version: 2.0) AdobeColorCommonSetRGB (Version: 2.0) Advanced IP Scanner (Version: 2.2.224) Allway Sync version 12.16.9 Amazon MP3-Downloader 1.0.17 (Version: 1.0.17) AntiBrowserSpy (Version: 2.1.40) Apple Application 
Support (Version: 2.3.6) Apple Mobile Device Support (Version: 7.0.0.117) Apple Software Update (Version: 2.1.3.127) ASCOM Platform 5.0a (Version: 5.0.21) ATW (Version: 10.0.0) Auslogics Disk Defrag (Version: version 3.3) AusweisApp (Version: 1.11.0) AVM FRITZ!fax für FRITZ!Box AVM TAPI Services for FRITZ!Box Babylon Chrome Toolbar (Version: 2.0.0.7) <==== ATTENTION Beurer*HealthManager (Version: 2.0.1.0) Bonjour (Version: 3.0.0.10) BT747 Desktop Latest BUFFALO NAS Navigator Bundled software uninstaller <==== ATTENTION Canon CanoScan Toolbox 5.0 Canon MovieEdit Task for ZoomBrowser EX (Version: 3.6.0.5) Canon RAW Codec (Version: 1.8.0.68) Canon Utilities CameraWindow DC 8 (Version: 8.8.0.17) Canon Utilities Digital Photo Professional 3.9 (Version: 3.9.3.0) Canon Utilities EOS Capture 1.5 (Version: 1.5) Canon Utilities EOS Utility (Version: 2.4.0.1) Canon Utilities ImageBrowser EX (Version: 1.3.0.5) Canon Utilities ZoomBrowser EX (Version: 6.6.0.23) CanoScan 4400F Cartes du Ciel V3.6 CCleaner (Version: 4.08) CDBurnerXP (Version: 4.5.2.4291) CDDRV_Installer (Version: 4.60) Chipcardmaster 7.04 Cisco Systems VPN Client 5.0.07.0410 (Version: 5.0.7) Citrix Online Plug-in - Web (Version: 12.3.0.8) Citrix Online Plug-in (DV) (Version: 12.3.0.8) Citrix Online Plug-in (HDX) (Version: 12.3.0.8) Citrix Online Plug-in (USB) (Version: 12.3.0.8) Citrix Online Plug-in (Web) (Version: 12.3.0.8) Citrix XenApp Web Plugin (Version: 11.0.0.5357) CNebulaX (Version: 1.5.0.0) Cobra 11 - Nitro (Version: 1.0.0) Color LaserJet 2600n Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000) COMPUTERBILD Karten-Tresor (Version: 1.0.8) COMPUTERBILD Mein Datensafe (Version: 1.0.21) COMPUTERBILD-Cloud Connect (Version: 1.0.0.1) Connectivity Library and TI-Nspire™ handheld drivers (Version: 1.1.0.44) cyberJack Base Components (Version: 6.10.0) Das Planetarium 1900 - 2100 (Version: 13) Defraggler (Version: 2.09) Derive 6 Demo (Version: 6.1) Deutsche Post E-Porto (Version: 2.3.0) devolo 
dLAN Cockpit (Version: 4.1.3.0) devolo dLAN Wireless extender Konfiguration (Version: 1.0.0.0) devolo dLAN-Konfigurationsassistent (Version: 20.0.0.0) devolo EasyShare (Version: 4.0.0.0) devolo Informer (Version: 28.0.0.0) dLAN Cockpit (Version: 3.23.12) Dropbox (HKCU Version: 2.0.22) EOS 20D WIA Driver (Version: 6.0.0.4) EOSInfo (Version: 0.2.0) Eye-Fi Center 3.4 (Version: 3.4.26) FireJump (Version: 1.0.2.8) Formelsammlung Mathematik Formelsammlung Physik FotoMorph version 13.8 (Version: 13.8) Free DVD Video Converter version 2.0.13.1212 (Version: 2.0.13.1212) Free MP4 Video Converter version 5.0.21.1212 (Version: 5.0.21.1212) Free Studio version 5.9.0.1212 (Version: 5.9.0.1212) FreeCommander 2009.02b (Version: 2009.02) Freizeitkarte_AUT (Ausgabe 13.11) Freizeitkarte_DEU (Ausgabe 13.11) Freizeitkarte_FRA (Ausgabe 13.11) Freizeitkarte_LUX (Ausgabe 13.11) Garmin ANT Agent (Version: 2.3.4) Garmin BaseCamp (Version: 4.2.4) Garmin City Navigator Europe NT 2011.10 (Version: 14.10.0.0) Garmin Communicator Plugin (Version: 4.0.4) Garmin MapInstall (Version: 4.0.4) Garmin MapSource (Version: 6.16.3) Garmin Training Center (Version: 3.5.3) Garmin Training Center (Version: 3.6.5) Garmin USB Drivers (Version: 2.3.1.0) Garmin WebUpdater (Version: 2.5.6) GeoGebra (Version: 4.0.31.0) GeoGebra 4.2 Beta GeoGebra 5.0 (Version: 4.9.218.0) GeoGebra 5.0 Beta GEONExT 1.73 (Version: 1.73) GeoSetter 3.3.48 Google Chrome (HKCU Version: 31.0.1650.57) Google Drive (Version: 1.11.4865.2530) Google Earth (Version: 7.1.1.1888) Google Update Helper (Version: 1.3.21.153) GPS2PowerTrack Plugin (Version: 1.0.3390.38123 as of 2009-04-13) GPSBabel 1.4.4 Hama Racing Wheel Thunder V5 (Version: 1.00.0000) High Precision Ephemeris Tool HOLUX ezTour for Logger v2.2 (Version: v2.2) HOLUX GPS USB DEVICE iCloud (Version: 2.1.2.8) IL-2 Sturmovik Image Data Converter (Version: 4.2.02.10112) ImagXpress (Version: 7.0.74.0) Integrity Tool (Version: 1.10.0) Intel(R) Matrix Storage Manager Intel(R) Network 
Connections 13.5.32.0 (Version: 13.5.32.0) IObit Uninstaller (Version: 3.0.4.922) iPhoneBrowser (Version: 1.9.3) iTunes (Version: 11.1.3.8) Java 7 Update 45 (Version: 7.0.450) Java Auto Updater (Version: 2.1.9.8) Java(TM) 6 Update 4 (Version: 1.6.0.40) Java(TM) 6 Update 7 (Version: 1.6.0.70) JFritz 0.7.4.2 KeePass Password Safe 1.15 (Version: 1.15) KeePass Password Safe 2.20.1 KhalInstallWrapper (Version: 2.00.0000) K-Lite Mega Codec Pack 6.4.0 (Version: 6.4.0) kuler (Version: 2.0) LG NASDetector (Version: 1.00.0000) Logitech Communications Manager (Version: 10.45.1121) Logitech SetPoint (Version: 4.80) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) MediaManager (Version: 3.0.49) MediaMonkey 4.0 (Version: 4.0) Microsoft .NET Compact Framework 3.5 (Version: 3.5.7283) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Automated Troubleshooting Services Shim Microsoft Choice Guard (Version: 2.0.48.0) Microsoft Fix it Center (Version: 1.0.0080) Microsoft Mathematics (Version: 4.0) Microsoft Mathematics-Add-In (32 Bit) (Version: 2.0.041222.01) Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014) Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000) Microsoft Office Excel MUI (German) 2007 
(Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000) Microsoft Office Project 2007 Service Pack 3 (SP3) Microsoft Office Project MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Project Professional 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Publisher 2007 (Version: 12.0.6612.1000) Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Visio 2007 Service Pack 3 (SP3) Microsoft Office Visio MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Text-to-Speech Engine 4.0 (English) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft WorldWide Telescope (Version: 2.7.12) MobileMe Control Panel (Version: 3.1.8.0) MozBackup 1.5.1 Mozilla Firefox 17.0.5 (x86 de) (Version: 17.0.5) Mozilla Maintenance Service (Version: 24.2.0) Mozilla Thunderbird 24.1.1 (x86 de) (Version: 24.1.1) MPC-HC 1.7.0 (Version: 1.7.0.7858) MSVCRT (Version: 14.0.1468.721) MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0) MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0) MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0) MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP2 Parser und SDK (Version: 4.20.9818.0) MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0) MSXML 4.0 SP3 Parser (Version: 4.30.2100.0) MyPhoneExplorer (Version: 1.8.4) MyTourbook 13.4.0 (32bit) NAVIGON Fresh 3.4.1 (Version: 3.4.1) NeroLiveGadget (Version: 1.2.7.100) neroxml (Version: 1.0.0) Norton Internet Security CBE (Version: 20.1.1.2) NVIDIA 3D Vision Controller Driver (Version: 280.19) NVIDIA 3D Vision Controller-Treiber 280.19 (Version: 280.19) NVIDIA 3D Vision Treiber 311.06 (Version: 311.06) NVIDIA Display Control Panel (Version: 6.14.11.9745) NVIDIA Grafiktreiber 311.06 (Version: 311.06) NVIDIA Install Application (Version: 2.1002.108.688) NVIDIA PhysX (Version: 9.10.0514) NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 9.10.0514) NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106) NVIDIA Systemsteuerung 311.06 (Version: 311.06) NVIDIA Update 1.11.3 (Version: 1.11.3) NVIDIA Update Components (Version: 1.10.8) OpenAL OpenSatellite (Version: 3.8) OWOK 
2.0.0.4 NPAPI (Version: 2.0.0.4) Pacific Hawk 1.0 (Version: 1.0) PDF Settings CS4 (Version: 9.0) Philips ToUcam Pro Camera Photodex Presenter PHOTOfunSTUDIO HD Edition (Version: 3.00.126) Photoshop Camera Raw (Version: 5.0) Picasa 3 (Version: 3.9) Pixel Bender Toolkit (Version: 1.0) PixiePack Codec Pack (Version: 0.10.6.0) PL-2303 USB-to-Serial (Version: 1.2.10) PlayMemories Home (Version: 7.0.00.11271) ProShow Gold ProShow Producer PVSonyDll (Version: 1.00.0001) QuickTime (Version: 7.74.80.86) Realtek High Definition Audio Driver (Version: 6.0.1.6482) Remote Camera Control (Version: 3.0.09100) Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.36.0) Renesas Electronics USB 3.0 Host Controller Driver (Version: 3.0.20.0) Rohos Mini Drive 2.0 Show-Password Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista (Version: 5.30) SkyGazer 4.5 Educational Edition (Version: 4.5.5) Sony Image Data Suite (Version: 3.2.00.15160) Sony RAW Driver (Version: 2.0.00.08130) SportTracks 3.1 (Version: 3.1.5024) StarMoney (Version: 1.0) StarMoney (Version: 2.0) StarMoney (Version: 3.0.2.50) StarMoney 8.0 S-Edition (Version: 8.0) Stellarium 0.12.2 (Version: 0.12.2) StreamTransport version: 1.1.0.1 Suite Shared Configuration CS4 (Version: 1.0) swMSM (Version: 12.0.0.1) SYNCING.NET 5.0 (Version: 5.0) System Requirements Lab TI-Diagnostics Tool (Version: 3.1.270) TI-Nspire(TM) Teacher Software (Version: 3.2.0.1219) TmNationsForever Update 2010-03-15 Tom Clancy's H.A.W.X (Version: 1.02.00000) TrackMania Sunrise Extreme 1.5.0 TraXEx 4.0 (Version: 4.0.0.0) TuneUp Utilities 2013 (Version: 13.0.4000.122) TuneUp Utilities Language Pack (de-DE) (Version: 10.0.4410.1) TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.73) TuneUp Utilities Language Pack (de-DE) (Version: 13.0.4000.122) TuneUp Utilities Language Pack (de-DE) (Version: 9.0.4700.21) Ulead PhotoImpact 12 (Version: 12.0) 
Uninstall of File Security Tool Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Outlook 2007 Help (KB963677) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Updater (Version: 2.6.48) VCRedistSetup (Version: 1.0.0) Virtual Moon Atlas V6.0 Virtual Sky 5 VLC media player 2.1.0 (Version: 2.1.0) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0) Windows Live Anmelde-Assistent (Version: 5.000.818.5) Windows Live Communications Platform (Version: 14.0.8117.416) Windows Live Essentials (Version: 14.0.8117.0416) Windows Live Essentials (Version: 14.0.8117.416) Windows Live Fotogalerie (Version: 14.0.8117.416) Windows Live Movie Maker (Version: 14.0.8117.0416) Windows Live Sync (Version: 14.0.8117.416) Windows Live Writer (Version: 14.0.8117.0416) Windows Live-Uploadtool (Version: 14.0.8014.1029) Windows Mobile-Gerätecenter (Version: 6.1.6965.0) Windows-Treiberpaket - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2) (Version: 07/07/2009 1.12.2) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (Version: 02/06/2007 3.1) winlogin (Version: 1.0.7) X10 Hardware(TM) XnViewMP 0.61 (Version: 0.61) ==================== Restore Points ========================= Could not list Restore Points. Check WMI. 
==================== Hosts content: ========================== 2006-11-02 11:23 - 2010-10-29 20:09 - 00001330 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com ==================== Scheduled Tasks (whitelisted) ============= Task: {0D1401A3-1D12-4F95-A2A6-243D538A61DE} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2013\OneClick.exe [2013-10-11] (TuneUp Software) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {21CB96F6-BD1F-464B-B7AF-BCA56B706D06} - System32\Tasks\EPUpdater => C:\Users\Joerg\AppData\Roaming\BabSolution\Shared\BabMaint.exe <==== ATTENTION Task: {2FDBDC47-7148-49DB-9D32-32E6A003C996} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => Rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem Task: {2FDD4F9D-0DA3-4A7B-803B-0BD960E8F69B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-03] (Google Inc.) 
Task: {33A2F674-DE8E-4202-87CF-970CA089B24F} - System32\Tasks\Microsoft\Windows\RestartManager\{742DA0F6-AEEF-4628-B51B-5828AACCEC1B} => C:\Windows\System32\RmClient.exe [2006-11-02] (Microsoft Corporation) Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {43FA1868-0F60-43E5-B024-6683811EAE7D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4155243805-854486168-2168257993-1004Core => C:\Users\Joerg\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-15] (Google Inc.) Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-18] (Microsoft Corporation) Task: {4779E55D-9920-4E97-AD8B-F7F47656A237} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Joerg => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-18] (Microsoft Corporation) Task: {554C4964-7999-41D4-8C63-C29FF87B972F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {599549B1-99AE-47B6-90C3-7567B7596426} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {75967F5A-F06E-4F14-B74E-59E04BB6B8DB} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files\Norton Internet Security CBE\Engine\20.1.1.2\symerr.exe [2012-08-17] (Symantec Corporation) Task: {7ECEE2A1-8151-431F-86D8-82F4BD408389} - System32\Tasks\{FF6E49E7-EEC1-4CA6-AF02-9C73F65A0EE5} => C:\Program Files\Skype\Phone\Skype.exe Task: {A1868F64-ED08-49A9-9F86-F62ED855AFFD} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => Rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation Task: {C097CCA7-7BFF-48D5-94A0-146435DCCE8F} - System32\Tasks\Defraggler Volume C Task => C:\Program Files\Util\Defraggler\df.exe [2012-01-16] (Piriform Ltd) Task: {C33D12D1-68E8-48BC-9599-494E39E0FB00} - System32\Tasks\Show-Password Update => C:\Program Files\Show-Password\Show_Password.exe [2013-12-12] () Task: {C4404BA7-35AD-4B01-9264-23B857D92773} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File Task: {C9923C71-A490-4849-BDFD-D1AC37A055F0} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {D14C66E1-6F16-4215-912D-EA243A8255D9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4155243805-854486168-2168257993-1004UA => C:\Users\Joerg\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-15] (Google Inc.) Task: {DD1CE5D5-76B1-4979-A4FE-4BE4C5F6BE43} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\Util\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-05] () Task: {E725336B-954D-4428-80E6-AE8477ACDAA7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-03] (Google Inc.) 
Task: {E7F91F03-66DF-49C7-9A12-8F1988CFC5AD} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security CBE\Engine\20.1.1.2\WSCStub.exe [2012-08-29] (Symantec Corporation) Task: {E992A907-2470-4FAB-8953-869413148A8E} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe Task: {EB9473A2-88DA-46D4-84B2-737A8976FE9D} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files\Norton Internet Security CBE\Engine\20.1.1.2\symerr.exe [2012-08-17] (Symantec Corporation) Task: {F8D6E476-24FE-4649-A4D7-985706B29128} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => Rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem Task: {FF36B272-5FBD-4814-A5D5-19C31B45CD0F} - System32\Tasks\Google Updater and Installer => C:\Users\Joerg\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-15] (Google Inc.) Task: C:\Windows\Tasks\Defraggler Volume C Task.job => C:\Program Files\Util\Defraggler\df.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4155243805-854486168-2168257993-1004Core.job => C:\Users\Joerg\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4155243805-854486168-2168257993-1004UA.job => C:\Users\Joerg\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Show-Password Update.job => C:\Program Files\Show-Password\Show_Password.exe Task: C:\Windows\Tasks\User_Feed_Synchronization-{792C0784-4E0D-417A-B5F3-2D5B5D6A4312}.job => C:\Windows\system32\msfeedssync.exe ==================== Loaded Modules (whitelisted) ============= ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Windows:7D42EAC16CE61F88 AlternateDataStreams: 
C:\ProgramData\Temp:5F64C164 ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Could not list Devices. Check WMI. ==================== Event log errors: ========================= Application errors: ================== Error: (12/16/2013 03:56:55 PM) (Source: WinMgmt) (User: ) Description: 0x8007007e Error: (12/15/2013 08:53:06 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung ieuser.exe, Version 6.0.6001.18000, Zeitstempel 0x47918f0e, fehlerhaftes Modul gdiplus.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4cd536ec, Ausnahmecode 0xc0000005, Fehleroffset 0x73f9836d, Prozess-ID 0x159c, Anwendungsstartzeit ieuser.exe0. Error: (12/15/2013 08:45:16 PM) (Source: WinMgmt) (User: ) Description: 0x8007007e Error: (12/15/2013 08:07:47 PM) (Source: System Restore) (User: ) Description: Fehler beim Initiieren der Systemwiederherstellung (IObit Uninstaller restore point). Error: (12/15/2013 07:59:28 PM) (Source: WinMgmt) (User: ) Description: 0x8007007e Error: (12/15/2013 07:46:43 PM) (Source: WinMgmt) (User: ) Description: 0x8007007e Error: (12/15/2013 07:36:56 PM) (Source: EventSystem) (User: ) Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (12/15/2013 07:36:43 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6001.18164, Zeitstempel 0x4907e242, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x0729b7a2, Prozess-ID 0x6e8, Anwendungsstartzeit Explorer.EXE0. 
Error: (12/15/2013 07:25:01 PM) (Source: EventSystem) (User: ) Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (12/15/2013 07:24:30 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6001.18164, Zeitstempel 0x4907e242, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x06a4b7a2, Prozess-ID 0x778, Anwendungsstartzeit Explorer.EXE0. System errors: ============= Error: (12/16/2013 03:58:03 PM) (Source: WMPNetworkSvc) (User: ) Description: WMPNetworkSvc0x80070424 Error: (12/16/2013 03:58:02 PM) (Source: SCardSvr) (User: ) Description: Kein Medium im Laufwerk.REINER SCT cyberJack RFID komfort USB 52POWER Error: (12/16/2013 03:58:02 PM) (Source: SCardSvr) (User: ) Description: Kein Medium im Laufwerk.REINER SCT cyberJack RFID komfort USB 52POWER Error: (12/16/2013 03:58:02 PM) (Source: SCardSvr) (User: ) Description: Kein Medium im Laufwerk.REINER SCT cyberJack RFID komfort USB 52POWER Error: (12/16/2013 03:58:02 PM) (Source: SCardSvr) (User: ) Description: Der Datenträger wurde nicht erkannt. Vielleicht ist er nicht formatiert.REINER SCT cyberJack RFID komfort USB 52TRANSMIT Error: (12/16/2013 03:58:02 PM) (Source: SCardSvr) (User: ) Description: Unzulässige Funktion.REINER SCT cyberJack RFID basis 00x313520 Error: (12/16/2013 03:55:55 PM) (Source: iScsiPrt) (User: ) Description: Vom Initiator konnte keine Verbindung mit dem Ziel hergestellt werden. Die Ziel-IP-Adresse und die TCP-Anschlussnummer sind in Sicherungsdaten angegeben. 
Error: (12/16/2013 03:55:35 PM) (Source: HTTP) (User: ) Description: \Device\Http\ReqQueueKerberos Error: (12/15/2013 08:47:19 PM) (Source: SCardSvr) (User: ) Description: Kein Medium im Laufwerk.REINER SCT cyberJack RFID komfort USB 52POWER Error: (12/15/2013 08:47:19 PM) (Source: SCardSvr) (User: ) Description: Kein Medium im Laufwerk.REINER SCT cyberJack RFID komfort USB 52POWER Microsoft Office Sessions: ========================= Error: (07/27/2013 01:12:40 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 834 seconds with 120 seconds of active time. This session ended with a crash. Error: (05/05/2013 10:54:23 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3653 seconds with 3180 seconds of active time. This session ended with a crash. Error: (05/02/2013 02:53:13 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash. Error: (05/02/2013 02:52:44 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 35 seconds with 0 seconds of active time. This session ended with a crash. Error: (05/02/2013 02:52:01 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1204 seconds with 300 seconds of active time. 
This session ended with a crash. Error: (04/30/2013 06:43:27 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 102 seconds with 60 seconds of active time. This session ended with a crash. Error: (04/30/2013 06:12:46 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2279 seconds with 180 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-12-16 16:13:26.196 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-16 16:13:26.056 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-16 16:13:25.915 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-16 16:13:25.775 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-16 16:13:25.635 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-12-16 16:13:25.494 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-16 16:13:25.354 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-16 16:13:25.213 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-16 16:13:08.178 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-16 16:13:08.022 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 50% Total physical RAM: 3069.45 MB Available physical RAM: 1509.75 MB Total Pagefile: 6347.87 MB Available Pagefile: 4921.79 MB Total Virtual: 2047.88 MB Available Virtual: 1894.09 MB ==================== Drives ================================ Drive c: (BOOT) (Fixed) (Total:445.76 GB) (Free:247.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (RECOVER) (Fixed) (Total:19.99 GB) (Free:9.25 GB) FAT32 Drive h: () (Removable) (Total:1.86 GB) (Free:1.83 GB) FAT Drive i: (HDDRIVE2GO) (Fixed) (Total:931.28 GB) (Free:245.1 GB) FAT32 Drive n: (Datensicherung) (Fixed) (Total:465.76 GB) (Free:110.5 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 2BAB359D) Partition 1: (Active) - (Size=446 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended) ======================================================== Disk: 1 (Size: 932 GB) (Disk ID: C2AC2C31) Partition 1: (Not Active) - (Size=932 GB) - (Type=0C) ======================================================== Disk: 2 (Size: 466 GB) (Disk ID: 9458C93E) Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ======================================================== Disk: 6 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: 858463E0) Partition 1: (Active) - (Size=2 GB) - (Type=06) ==================== End Of Log ============================
And here is the FRST.txt file. Thanks again for your help.
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-12-2013 02 Ran by Joerg (administrator) on DESKTOP on 16-12-2013 16:10:36 Running from C:\Users\Joerg\Desktop Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 7 Boot Mode: Normal ==================== Could not list processes =============== ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] - [x] HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor) HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.) HKLM\...\Run: [NUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation) HKLM\...\Run: [RUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - KHALMNPR.EXE HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) 
HKLM\...\Policies\Explorer: [ShowDriveLettersFirst] 4 HKCU\...\Run: [SyncService] - C:\Program Files\SYNCING.NET\bin\SyncService.exe [1730144 2013-08-20] (ASBYTE) HKCU\...\Run: [AusweisApp] - C:\Program Files\AusweisApp\siqBootLoader.exe [2514560 2013-05-27] (OpenLimit SignCubes AG) HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1 HKCU\...\Policies\Explorer: [CDRAutoRun] 0 HKCU\...\Policies\Explorer: [NoDrives] 0x03000000 HKCU\...\Policies\Explorer: [NoTrayItemsDisplay] 0x00000000 MountPoints2: {5c9fc732-d402-11dd-b083-001d92739b0b} - explorer.exe body_index.html MountPoints2: {80281203-b1d1-11df-b7b5-0015af5d9472} - H:\Password.exe MountPoints2: {cb789139-0742-11de-862f-001d92739b0b} - H:\LaunchU3.exe -a HKU\Carmen\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Carmen\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH) HKU\Carmen\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe HKU\Carmen\...\Policies\system: [LogonHoursAction] 2 HKU\Carmen\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Catherine-Sophie\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Catherine-Sophie\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent HKU\Catherine-Sophie\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe HKU\Catherine-Sophie\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.) 
HKU\Catherine-Sophie\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\Catherine-Sophie\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Catherine-Sophie\...\Policies\system: [LogonHoursAction] 2 HKU\Catherine-Sophie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\DEG\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent HKU\DEG\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\DEG\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\DEG\...\Policies\system: [LogonHoursAction] 2 HKU\DEG\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Dominik\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Dominik\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH) HKU\Dominik\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden HKU\Dominik\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.) 
HKU\Dominik\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\Dominik\...\RunOnce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_de;_rv:1.9.1.2)_Gecko/20090729_Firefox/3.5.2_(.NET_CLR_3.5.30729)" -"hxxp://www.nordsee-club24.de/blog/urlaub/kinder-und-jugendreisen/campus-nordsee-gaestehaus.html" HKU\Dominik\...\Policies\system: [LogonHoursAction] 2 HKU\Dominik\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Gast\...\Run: [BullGuard] - "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" HKU\Gast\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Gast\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH) HKU\Gast\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe HKU\Gast\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.) 
HKU\Gast\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\Gast\...\RunOnce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_de;_rv:1.9.1.2)_Gecko/20090729_Firefox/3.5.2_(.NET_CLR_3.5.30729)" -"hxxp://www.nordsee-club24.de/blog/urlaub/kinder-und-jugendreisen/campus-nordsee-gaestehaus.html" HKU\Gast\...\Policies\system: [LogonHoursAction] 2 HKU\Gast\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\UpdatusUser\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent HKU\UpdatusUser\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe HKU\UpdatusUser\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.) HKU\UpdatusUser\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\UpdatusUser\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\UpdatusUser\...\Policies\system: [LogonHoursAction] 2 HKU\UpdatusUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 IFEO: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\cgcclient.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\connect.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\defraggler.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\deldatabase.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\dualmonitor.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\excel.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\fixitcenter.exe: [Debugger] "C:\Program Files\TuneUp Utilities 
2013\TUAutoReactivator32.exe" IFEO\imagebrowserex.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\infopath.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\inteldh.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\ipsecdialer.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\keepass.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\lightscribecontrolpanel.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\lslauncher.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\mediabuilder.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\mfmanager.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\msaccess.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\msoxmled.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\mspscan.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\mspub.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\mspview.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\mstore.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\netviewer.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\notificationservice.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\nusb3utl.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\nvstlink.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\nvstview.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\offdiag.exe: [Debugger] 
"C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\ois.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\outlook.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\phautorun.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\phedit.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\phoebe5.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\pmbbrowser.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\pmbinit.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\powerpnt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\rbrowser.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\rohos mini.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\scrconfig.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\scrsetup.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\setmtu.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\setpoint.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\shell.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\smkonv.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\startstarmoney.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\syncappw.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\syncservice.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\teamviewer.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\trueimage.exe: [Debugger] 
"C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\unins000.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\uninst.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\visio.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\vpngui.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\vscontentinstaller.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\vslauncher.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\winproj.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\winword.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\wyupdate.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" Lsa: [Authentication Packages] msv1_0 relog_ap Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie SearchScopes: HKLM - DefaultScope {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://www.firetab.org/?type=ds3se&p={searchTerms} SearchScopes: HKLM - {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://www.firetab.org/?type=ds3se&p={searchTerms} SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKCU - DefaultScope {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://www.firetab.org/?type=ds3se&p={searchTerms} SearchScopes: HKCU - {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://www.firetab.org/?type=ds3se&p={searchTerms} SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.) 
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security CBE\Engine\20.1.1.2\CoIEPlg.dll (Symantec Corporation) BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security CBE\Engine\20.1.1.2\IPS\IPSBHO.dll (Symantec Corporation) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Show-Password - {8254df71-5ab7-4882-8b1d-4f9eb66bf311} - C:\Program Files\Show-Password\136.dll () BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: DNS Error Helper - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll () BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: AusweisApp 1.8.0.0 - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) 
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.) Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security CBE\Engine\20.1.1.2\CoIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File Toolbar: HKCU - No Name - {968631B6-4729-440D-9BF4-251F5593EC9A} - No File Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - No File Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} 
- No File Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File ShellExecuteHooks: CExecuteHook Object - {7B0E5486-E11D-437f-AC8B-7901C7D3FCCB} - C:\Program Files\SYNCING.NET\bin\ShellUI.dll [1198176 2013-08-20] (ASBYTE) Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Winsock: Catalog9 01 mswsock.dll File Not found () Winsock: Catalog9 02 mswsock.dll File Not found () Winsock: Catalog9 03 mswsock.dll File Not found () Winsock: Catalog9 04 mswsock.dll File Not found () Winsock: Catalog9 05 mswsock.dll File Not found () Winsock: Catalog9 06 mswsock.dll File Not found () Winsock: Catalog9 07 mswsock.dll File Not found () Winsock: Catalog9 08 mswsock.dll File Not found () Winsock: Catalog9 09 mswsock.dll File Not found () Winsock: Catalog9 10 mswsock.dll File Not found () Winsock: Catalog9 11 mswsock.dll File Not found () Winsock: Catalog9 12 mswsock.dll File Not found () Winsock: Catalog9 13 mswsock.dll File Not found () Winsock: Catalog9 14 mswsock.dll File Not found () Winsock: Catalog9 15 mswsock.dll File Not found () Winsock: Catalog9 16 mswsock.dll File Not found () Winsock: Catalog9 17 mswsock.dll File Not found () Winsock: Catalog9 18 mswsock.dll File Not found () Winsock: Catalog9 19 mswsock.dll File Not found () Winsock: Catalog9 20 mswsock.dll File Not found () Winsock: Catalog9 21 mswsock.dll File Not found () Winsock: Catalog9 22 mswsock.dll File Not found () Winsock: Catalog9 23 mswsock.dll File Not found () Winsock: Catalog9 24 mswsock.dll File Not found () Winsock: Catalog9 25 mswsock.dll File Not found () Winsock: Catalog9 26 mswsock.dll File Not found () Winsock: Catalog9 27 mswsock.dll File Not found () Winsock: Catalog9 28 mswsock.dll File Not found () Winsock: Catalog9 29 mswsock.dll File Not found () Winsock: Catalog9 30 mswsock.dll File Not found () Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{5D24B219-8B75-42F7-B0E3-E3BA710ACB43}: [NameServer]192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887 FF user.js: detected! 
=> C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\user.js FF Homepage: hxxp://www.ighome.com/?t=336956 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 - I:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @photodex.com/PhotodexPresenter - C:\Program Files\Photodex Presenter\npPxPlay.dll ( ) FF Plugin: @reiner-sct.com/OWOK,version=2.0.0.4 - C:\Program Files\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll (REINER Kartengeräte GmbH und Co. KG.) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\Multimedia\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Joerg\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Joerg\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.) 
FF SearchPlugin: C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\searchplugins\babylon1.xml FF SearchPlugin: C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\searchplugins\delta.xml FF SearchPlugin: C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\searchplugins\safesearch.xml FF Extension: Виявлення пристроїв Logitech - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\DeviceDetection@logitech.com FF Extension: FRITZ!Box AddOn - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\fb_add_on@avm.de FF Extension: FireJump - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\firejump@firejump.net FF Extension: Foxdie - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\Foxdie@tanjihay.com FF Extension: Foxdie (Graphite) - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\FoxdieGraphite@tanjihay.com FF Extension: Geolocater - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\geolocater@3liz.com FF Extension: KeeFox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\keefox@chris.tomlinson FF Extension: Youtube MP3 Podcaster - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com FF Extension: Forecastfox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} FF Extension: Garmin Communicator - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} FF Extension: EPUBReader - 
C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} FF Extension: Universal Print - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{BE2100B3-1D80-48eb-ACCF-D26750644378} FF Extension: Bitdefender QuickScan - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} FF Extension: adblockpopups - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\adblockpopups@jessehakanen.net.xpi FF Extension: nasanightlaunch - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\nasanightlaunch@example.com.xpi FF Extension: YoutubeDownloader - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\YoutubeDownloader@PeterOlayev.com.xpi FF Extension: prefs - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi FF Extension: prefs - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi FF Extension: addonfox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}.xpi FF Extension: Adblock Plus - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: dta - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft 
.NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ FF HKLM\...\Firefox\Extensions: [{4F3D26C8-9907-48ff-BC74-B8C572D317BF}] - C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win FF HKLM\...\Firefox\Extensions: [{4F0963A3-1658-4fde-9585-23A25CC288BF}] - C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFF FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ FF HKCU\...\Firefox\Extensions: [firejump@firejump.net] - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\oci3xkhu.default\extensions\firejump@firejump.net FF HKCU\...\Firefox\Extensions: [{a3490cb9-8f1a-4bc5-b1a7-6c2bc4b83424}] - C:\Program Files\Show-Password\136.xpi FF Extension: No Name - C:\Program Files\Show-Password\136.xpi FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Online\Mozilla Firefox\firefox.exe Chrome: ======= CHR DefaultSearchKeyword: google.com CHR DefaultSearchProvider: Google CHR DefaultSearchURL: hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t CHR DefaultNewTabURL: 
CHR Plugin: (Photodex Presenter Plugin) - C:\Program Files\Photodex Presenter\npPxPlay.dll ( ) CHR Extension: (Show-Password) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\logekkkdbdidmmcgkonmmonclldogceg\1.136_0 CHR Extension: (Amazon-Icon) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0 CHR Extension: (Norton Identity Protection) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.1.4_0 CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_1 CHR Extension: (Google Wallet) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1 CHR Extension: (DVDVideoSoftTB) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\2.3.4.2_0 CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Joerg\AppData\Roaming\BabSolution\CR\BabylonChrome1.crx CHR HKLM\...\Chrome\Extension: [logekkkdbdidmmcgkonmmonclldogceg] - C:\Program Files\Show-Password\136.crx CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Joerg\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security CBE\Engine\20.1.1.2\Exts\Chrome.crx CHR HKLM\...\Chrome\Extension: [nohfdhapjjlndfgjnmdlcabloeembdkj] - C:\Users\Joerg\AppData\Roaming\BabSolution\CR\delta2.crx CHR HKLM\...\Chrome\Extension: [plmlpkfpkijnlijgalnjaacllnjmoamo] - C:\Users\Joerg\AppData\Local\CRE\plmlpkfpkijnlijgalnjaacllnjmoamo.crx CHR StartMenuInternet: Google Chrome - C:\Users\Joerg\AppData\Local\Google\Chrome\Application\chrome.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION 
========================== Services (Whitelisted) ================= S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2007-08-31] (Acronis) S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated) R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation) S4 BotkindSyncService; I:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2013-10-10] () R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT) S4 CVPND; N:\Program Files\DEG\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.) R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3526136 2013-08-27] (devolo AG) S4 gupdate1c98625899d211c; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-03] (Google Inc.) S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2009-07-20] (Logitech, Inc.) R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-11-26] (IObit) R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251184 2008-07-11] (BUFFALO INC.) 
S4 Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG) R2 NIS; C:\Program Files\Norton Internet Security CBE\Engine\20.1.1.2\diMaster.dll [531864 2012-08-21] (Symantec Corporation) S4 PMBDeviceInfoProvider; N:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation) S4 Rohos Disk; C:\Program Files\Rohos\agent.exe [813400 2012-08-24] (Tesline-Service SRL) S4 SearchAnonymizer; C:\Users\Joerg\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2013-10-04] () S2 SharedAccess; C:\Windows\System32\svchost.exe [21504 2008-01-18] (Microsoft Corporation) S4 SN_Service; C:\Program Files\SYNCING.NET\bin\SN_Service.exe [32768 2013-05-03] (ASBYTE) S4 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH) S4 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] () R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1729336 2013-10-11] (TuneUp Software) S3 TwonkyProxy; C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe [545608 2012-05-03] () S3 TwonkyServer; C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe [541512 2012-05-03] (PacketVideo) S3 TwonkyWebDav; C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe [271176 2012-05-03] () R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{b3f4bc23-f743-f11a-6c7d-77e802656f9e}\ \...\???\{b3f4bc23-f743-f11a-6c7d-77e802656f9e}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess) ==================== Drivers (Whitelisted) ==================== R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [1006816 2009-09-24] (NXP Semiconductors Germany GmbH) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys 
[281760 2011-02-26] () R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20131203.001\BHDrvx86.sys [1098968 2013-12-03] (Symantec Corporation) R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) S3 camvid20; C:\Windows\System32\DRIVERS\camdrv21.sys [253909 2004-05-19] (Philips Components BU Imaging Solutions) R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1401010.002\ccSetx86.sys [134304 2012-08-07] (Symantec Corporation) R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation) R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-15] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-12-15] (Symantec Corporation) S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. ) S3 FNETTHJM; C:\Windows\System32\drivers\fnetthjm.sys [23936 2010-09-07] (FNet Co., Ltd.) S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.) 
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20131213.001\IDSvix86.sys [394456 2013-12-13] (Symantec Corporation) S3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2007-10-15] (Intel Corporation) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-11-24] () S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [50560 2008-05-27] (Generic USB smartcard reader) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20131214.005\NAVENG.SYS [93272 2013-12-15] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20131214.005\NAVEX15.SYS [1612376 2013-12-15] (Symantec Corporation) R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [554496 2007-09-21] (Ralink Technology Corp.) R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2013-08-27] (CACE Technologies) R1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [77184 2004-03-09] (Protection Technology) R0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [65504 2004-03-09] (Protection Technology) R0 prosync1; C:\Windows\System32\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2013-07-01] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-07-01] () R2 RHDISK; C:\Program Files\Rohos\RHDISK.SYS [40960 2012-08-23] (Tesline-Service SRL) R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [80896 2012-05-10] (Renesas Electronics Corporation) R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [172032 2012-05-10] (Renesas Electronics Corporation) R0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [83320 2007-02-08] (Protection Technology (StarForce)) S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2011-01-27] (Silicon 
Laboratories) S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58496 2011-01-27] (Silicon Laboratories) S3 SIUSBXP; C:\Windows\System32\drivers\SiUSBXp.sys [14848 2009-03-09] (Silicon Laboratories) R3 SRTSP; C:\Windows\system32\drivers\NIS\1401010.002\SRTSP.SYS [585888 2012-08-10] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NIS\1401010.002\SRTSPX.SYS [32888 2012-05-24] (Symantec Corporation) S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-09-28] () S3 StMp3Rec; C:\Windows\System32\Drivers\StMp3Rec.sys [19840 2007-06-15] (Generic) R0 SymDS; C:\Windows\System32\drivers\NIS\1401010.002\SYMDS.SYS [368288 2012-07-27] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NIS\1401010.002\SYMEFA.SYS [926880 2012-08-07] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-12-15] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NIS\1401010.002\Ironx86.SYS [175264 2012-07-27] (Symantec Corporation) R1 SYMTDIv; C:\Windows\system32\drivers\NIS\1401010.002\SYMTDIV.SYS [350368 2012-07-22] (Symantec Corporation) S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [27936 2008-07-15] (RapidSolution Software AG) R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368736 2008-03-29] (Acronis) R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44416 2008-03-29] (Acronis) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-08-28] (TuneUp Software) S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2010-07-07] (Texas Instruments) R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.) R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.) 
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S3 GigasetGenericUSB; system32\DRIVERS\GigasetGenericUSB.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 PalmUSBD; system32\drivers\PalmUSBD.sys [x] S3 TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-16 16:10 - 2013-12-16 16:13 - 00045069 _____ C:\Users\Joerg\Desktop\FRST.txt 2013-12-16 16:10 - 2013-12-16 16:10 - 00000000 ____D C:\FRST 2013-12-16 16:10 - 2013-12-16 16:07 - 01060997 _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe 2013-12-15 20:10 - 2013-12-15 20:48 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2013-12-15 20:10 - 2013-12-15 20:10 - 00142496 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS 2013-12-15 20:10 - 2013-12-15 20:10 - 00007446 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT 2013-12-15 20:10 - 2013-12-15 20:10 - 00000000 ____D C:\Program Files\Symantec 2013-12-15 20:09 - 2013-12-15 20:09 - 00000000 ____D C:\Windows\system32\Drivers\NIS 2013-12-15 20:09 - 2013-12-15 20:09 - 00000000 ____D C:\Program Files\Norton Internet Security CBE 2013-12-15 19:58 - 2013-12-16 15:55 - 00679002 _____ C:\Windows\PFRO.log 2013-12-15 19:28 - 2013-12-15 20:15 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\QuickScan 2013-12-15 19:14 - 2013-12-15 19:43 - 3133878462 _____ C:\avenger.txt 2013-12-15 09:58 - 2013-12-15 10:57 - 00001912 _____ C:\Windows\epplauncher.mif 2013-12-15 09:45 - 2013-12-16 16:00 - 00000392 ____H C:\Windows\Tasks\User_Feed_Synchronization-{792C0784-4E0D-417A-B5F3-2D5B5D6A4312}.job 2013-12-12 19:16 - 2013-12-12 19:15 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-12-12 19:16 - 2013-12-12 19:15 - 00175016 _____ (Oracle Corporation) 
C:\Windows\system32\javaw.exe 2013-12-12 19:16 - 2013-12-12 19:15 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-12-12 19:16 - 2013-12-12 19:15 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-12-12 18:55 - 2013-12-15 16:32 - 00000380 _____ C:\Windows\Tasks\Show-Password Update.job 2013-12-12 18:55 - 2013-12-12 18:55 - 00000000 ____D C:\Program Files\Show-Password 2013-12-06 14:54 - 2013-12-06 14:55 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-12-06 14:54 - 2013-12-06 14:55 - 00000000 ____D C:\Program Files\iTunes 2013-12-06 14:54 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iPod 2013-12-03 17:56 - 2013-12-03 17:56 - 00000000 ____D C:\Users\Joerg\Neuer Ordner 2013-11-26 17:32 - 2013-11-26 17:32 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Malwarebytes 2013-11-26 17:31 - 2013-11-26 17:31 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-26 17:31 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-11-26 17:25 - 2013-10-31 09:35 - 00001136 _____ C:\Users\Joerg\Documents\indexfile.txt 2013-11-26 16:58 - 2013-12-11 11:41 - 00000000 ____D C:\ProgramData\ProductData 2013-11-26 16:58 - 2013-12-06 17:24 - 00001166 _____ C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2013-11-26 16:58 - 2013-11-26 16:59 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\IObit 2013-11-26 16:58 - 2013-11-26 16:59 - 00000000 ____D C:\Program Files\IObit 2013-11-26 16:58 - 2013-11-26 16:58 - 00000000 ____D C:\ProgramData\IObit 2013-11-26 16:48 - 2013-11-26 16:48 - 00000953 _____ C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-11-26 16:28 - 2013-11-26 16:28 - 32823600 _____ (DVDVideoSoft Ltd. 
) C:\Users\Joerg\Downloads\FreeAVIVideoConverter (1).exe 2013-11-26 15:25 - 2013-11-26 15:25 - 00000000 ____D C:\ProgramData\TubeDimmer 2013-11-24 17:11 - 2013-11-24 17:11 - 00000000 ____D C:\Users\Joerg\Documents\StreamTransport 2013-11-24 15:02 - 2013-11-26 18:24 - 00000000 ____D C:\ProgramData\Updater 2013-11-24 15:01 - 2013-11-24 15:02 - 00000000 ____D C:\Users\Joerg\AppData\Local\Mobogenie 2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\Documents\Mobogenie 2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\AppData\Local\cache 2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 _____ C:\Users\Joerg\daemonprocess.txt 2013-11-24 15:00 - 2013-11-24 15:02 - 00000000 ____D C:\Program Files\Mobogenie 2013-11-24 10:23 - 2013-11-24 10:23 - 28289104 _____ (Any-Video-Converter.com ) C:\Users\Joerg\Downloads\avc-free.exe 2013-11-24 10:21 - 2013-11-24 10:21 - 00000000 ____D C:\Users\Joerg\Documents\Any Video Converter 2013-11-21 12:10 - 2013-11-21 12:10 - 00000000 ____D C:\ProgramData\PCSettings 2013-11-17 17:42 - 2013-11-17 17:42 - 00002160 _____ C:\{69136949-8CA9-49E5-8CF3-CFAA369C114F} ==================== One Month Modified Files and Folders ======= 2013-12-16 16:13 - 2013-12-16 16:10 - 00045069 _____ C:\Users\Joerg\Desktop\FRST.txt 2013-12-16 16:10 - 2013-12-16 16:10 - 00000000 ____D C:\FRST 2013-12-16 16:07 - 2013-12-16 16:10 - 01060997 _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe 2013-12-16 16:01 - 2012-06-11 11:42 - 01142541 _____ C:\Windows\WindowsUpdate.log 2013-12-16 16:00 - 2013-12-15 09:45 - 00000392 ____H C:\Windows\Tasks\User_Feed_Synchronization-{792C0784-4E0D-417A-B5F3-2D5B5D6A4312}.job 2013-12-16 15:57 - 2012-02-21 16:36 - 00000000 ____D C:\Users\Joerg\.ausweisapp 2013-12-16 15:55 - 2013-12-15 19:58 - 00679002 _____ C:\Windows\PFRO.log 2013-12-16 15:55 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-16 15:55 - 2006-11-02 13:47 - 00003344 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-16 15:55 - 2006-11-02 13:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-15 21:04 - 2006-11-02 14:01 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-12-15 20:48 - 2013-12-15 20:10 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2013-12-15 20:15 - 2013-12-15 19:28 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\QuickScan 2013-12-15 20:13 - 2008-03-11 19:17 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Adobe 2013-12-15 20:10 - 2013-12-15 20:10 - 00142496 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS 2013-12-15 20:10 - 2013-12-15 20:10 - 00007446 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT 2013-12-15 20:10 - 2013-12-15 20:10 - 00000000 ____D C:\Program Files\Symantec 2013-12-15 20:09 - 2013-12-15 20:09 - 00000000 ____D C:\Windows\system32\Drivers\NIS 2013-12-15 20:09 - 2013-12-15 20:09 - 00000000 ____D C:\Program Files\Norton Internet Security CBE 2013-12-15 20:09 - 2012-11-25 09:38 - 00000000 ____D C:\ProgramData\Norton 2013-12-15 19:55 - 2012-12-29 20:47 - 00000000 ____D C:\Users\Joerg\AppData\Local\CrashDumps 2013-12-15 19:43 - 2013-12-15 19:14 - 3133878462 _____ C:\avenger.txt 2013-12-15 19:14 - 2011-01-26 19:37 - 00000000 ____D C:\Windows\Sun 2013-12-15 18:05 - 2012-09-20 13:27 - 00000000 ____D C:\Program Files\TuneUp Utilities 2013 2013-12-15 17:34 - 2006-11-02 11:33 - 01579272 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-15 17:22 - 2012-06-17 18:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-12-15 17:22 - 2011-06-23 09:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-12-15 17:22 - 2008-04-05 17:05 - 00000000 ____D C:\Program Files\Google 2013-12-15 16:32 - 2013-12-12 18:55 - 00000380 _____ C:\Windows\Tasks\Show-Password Update.job 
2013-12-15 16:32 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\LogFiles 2013-12-15 10:57 - 2013-12-15 09:58 - 00001912 _____ C:\Windows\epplauncher.mif 2013-12-15 09:32 - 2010-05-28 19:30 - 01056768 _____ C:\Windows\system32\defltbase.sdb 2013-12-13 20:20 - 2009-09-06 21:26 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Media Player Classic 2013-12-13 19:22 - 2008-04-23 18:40 - 00050688 _____ C:\Users\Joerg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-12-12 19:32 - 2008-03-12 20:38 - 00000000 ____D C:\Users\Joerg\AppData\Local\Adobe 2013-12-12 19:23 - 2010-10-29 20:10 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-12-12 19:23 - 2007-10-10 12:05 - 00000000 ____D C:\Program Files\Adobe 2013-12-12 19:22 - 2007-10-10 12:06 - 00000000 ____D C:\ProgramData\Adobe 2013-12-12 19:17 - 2013-10-04 19:25 - 00000000 ____D C:\ProgramData\Oracle 2013-12-12 19:15 - 2013-12-12 19:16 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-12-12 19:15 - 2013-12-12 19:16 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-12-12 19:15 - 2013-12-12 19:16 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-12-12 19:15 - 2013-12-12 19:16 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-12-12 18:55 - 2013-12-12 18:55 - 00000000 ____D C:\Program Files\Show-Password 2013-12-12 18:01 - 2012-07-10 08:41 - 00000000 ____D C:\Program Files\StarMoney 8.0 S-Edition 2013-12-12 17:49 - 2012-10-10 17:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-12-11 17:47 - 2007-10-10 11:37 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-11 17:44 - 2013-07-23 19:59 - 00000000 ____D C:\Windows\system32\MRT 2013-12-11 17:40 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-12-11 15:02 - 2013-10-09 09:49 - 00000000 ____D C:\Users\Carmen\AppData\Roaming\JFritz 2013-12-11 11:41 - 2013-11-26 16:58 - 00000000 ____D 
C:\ProgramData\ProductData 2013-12-08 15:24 - 2012-11-18 18:24 - 00000000 ____D C:\Users\Joerg\AppData\Local\Rohos 2013-12-08 10:07 - 2008-03-12 18:52 - 00000000 ____D C:\Program Files\Astronomie 2013-12-08 10:00 - 2008-03-11 19:23 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Online 2013-12-08 09:56 - 2008-05-01 10:20 - 00000000 ____D C:\ProgramData\Skype 2013-12-08 09:54 - 2008-05-01 10:21 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Skype 2013-12-08 09:54 - 2008-03-11 19:22 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Util 2013-12-08 09:39 - 2008-03-11 18:55 - 00000000 ____D C:\Users\Joerg 2013-12-08 09:25 - 2009-05-31 16:17 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\KeePass 2013-12-07 09:40 - 2006-11-02 11:22 - 83361792 _____ C:\Windows\system32\config\SOFTWARE_tureg_old 2013-12-07 09:40 - 2006-11-02 11:22 - 53215232 _____ C:\Windows\system32\config\SYSTEM_tureg_old 2013-12-07 09:40 - 2006-11-02 11:22 - 36069376 _____ C:\Windows\system32\config\COMPONENTS_tureg_old 2013-12-07 09:40 - 2006-11-02 11:22 - 00524288 _____ C:\Windows\system32\config\DEFAULT_tureg_old 2013-12-07 09:40 - 2006-11-02 11:22 - 00028672 _____ C:\Windows\system32\config\SECURITY_tureg_old 2013-12-06 18:13 - 2006-11-02 11:22 - 00204800 _____ C:\Windows\system32\config\SAM_tureg_old 2013-12-06 17:32 - 2012-04-17 14:32 - 00000000 ____D C:\Users\Joerg\AppData\Local\Conduit 2013-12-06 17:29 - 2011-12-05 19:51 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\MediaMonkey 2013-12-06 17:24 - 2013-11-26 16:58 - 00001166 _____ C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2013-12-06 14:55 - 2013-12-06 14:54 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-12-06 14:55 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iTunes 2013-12-06 14:54 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iPod 2013-12-06 14:54 - 2011-03-15 19:14 - 00000000 ____D 
C:\ProgramData\Apple Computer 2013-12-06 14:54 - 2011-03-15 19:09 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-12-05 19:23 - 2011-08-23 17:37 - 00002629 _____ C:\Users\Joerg\BT747SettingsJ2SE.pdb 2013-12-05 17:31 - 2011-08-22 12:27 - 00000000 ____D C:\Users\Joerg\Documents\ezTour_Workspace 2013-12-05 17:00 - 2007-10-09 15:23 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-12-04 18:23 - 2011-10-03 14:52 - 00000000 ____D C:\Users\Joerg\AppData\Local\Eye-Fi 2013-12-04 18:10 - 2011-10-03 14:52 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Eye-Fi 2013-12-03 17:56 - 2013-12-03 17:56 - 00000000 ____D C:\Users\Joerg\Neuer Ordner 2013-12-01 20:17 - 2008-03-14 17:45 - 00000000 ____D C:\Users\Joerg\Documents\Navigation 2013-11-27 15:54 - 2008-04-20 15:17 - 00000000 ____D C:\Users\Carmen\Documents\Eigene Dokumente 2013-11-26 19:49 - 2009-09-05 19:15 - 00000000 ____D C:\Windows\pss 2013-11-26 18:24 - 2013-11-24 15:02 - 00000000 ____D C:\ProgramData\Updater 2013-11-26 17:47 - 2013-07-06 14:31 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Windows Net Data 2013-11-26 17:47 - 2013-01-05 20:23 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Babylon 2013-11-26 17:32 - 2013-11-26 17:32 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Malwarebytes 2013-11-26 17:31 - 2013-11-26 17:31 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-26 17:16 - 2011-04-25 08:44 - 00002078 _____ C:\Windows\system32\OSSService.log 2013-11-26 17:08 - 2008-03-11 19:33 - 00000000 ____D C:\Program Files\Online 2013-11-26 16:59 - 2013-11-26 16:58 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\IObit 2013-11-26 16:59 - 2013-11-26 16:58 - 00000000 ____D C:\Program Files\IObit 2013-11-26 16:58 - 2013-11-26 16:58 - 00000000 ____D C:\ProgramData\IObit 2013-11-26 16:48 - 2013-11-26 16:48 - 00000953 _____ C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-11-26 16:48 - 2013-11-12 16:57 - 00000000 ____D 
C:\Users\Joerg\AppData\Roaming\Opera Software 2013-11-26 16:48 - 2013-11-12 16:57 - 00000000 ____D C:\Users\Joerg\AppData\Local\Opera Software 2013-11-26 16:41 - 2010-10-29 21:53 - 00000000 ____D C:\ProgramData\FLEXnet 2013-11-26 16:41 - 2010-05-19 17:19 - 00000000 ____D C:\Program Files\Garmin 2013-11-26 16:41 - 2009-08-03 08:56 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\vlc 2013-11-26 16:41 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\spool 2013-11-26 16:41 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration 2013-11-26 16:28 - 2013-11-26 16:28 - 32823600 _____ (DVDVideoSoft Ltd. ) C:\Users\Joerg\Downloads\FreeAVIVideoConverter (1).exe 2013-11-26 15:25 - 2013-11-26 15:25 - 00000000 ____D C:\ProgramData\TubeDimmer 2013-11-24 17:11 - 2013-11-24 17:11 - 00000000 ____D C:\Users\Joerg\Documents\StreamTransport 2013-11-24 15:02 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\AppData\Local\Mobogenie 2013-11-24 15:02 - 2013-11-24 15:00 - 00000000 ____D C:\Program Files\Mobogenie 2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\Documents\Mobogenie 2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\AppData\Local\cache 2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 _____ C:\Users\Joerg\daemonprocess.txt 2013-11-24 10:23 - 2013-11-24 10:23 - 28289104 _____ (Any-Video-Converter.com ) C:\Users\Joerg\Downloads\avc-free.exe 2013-11-24 10:21 - 2013-11-24 10:21 - 00000000 ____D C:\Users\Joerg\Documents\Any Video Converter 2013-11-22 12:12 - 2011-04-17 10:39 - 00000000 ___HD C:\Users\Joerg\Documents\_SYNCAPP 2013-11-21 12:10 - 2013-11-21 12:10 - 00000000 ____D C:\ProgramData\PCSettings 2013-11-19 11:21 - 2009-10-02 17:50 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2013-11-17 17:42 - 2013-11-17 17:42 - 00002160 _____ C:\{69136949-8CA9-49E5-8CF3-CFAA369C114F} 2013-11-17 16:07 - 2008-03-11 20:29 - 00000000 ____D C:\ProgramData\TuneUp Software ZeroAccess: 
C:\Users\Joerg\AppData\Local\Google\Desktop\Install ZeroAccess: C:\Program Files\Google\Desktop\Install Some content of TEMP: ==================== C:\Users\Joerg\AppData\Local\Temp\InstallFlashPlayer.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender LastRegBack: 2013-12-16 16:01 ==================== End Of Log ============================ --- --- --- |
17.12.2013, 10:00 | #4 |
/// the machine /// TB Trainer | Zero.access.c is on my system, Vista SP1, and, after cleanup, supposedly gone? hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
17.12.2013, 18:40 | #5 |
| Zero.access.c is on my system, Vista SP1, and, after cleanup, supposedly gone? Hi Schrauber, below is the ComboFix.txt. After the scan finished, the following message was displayed in a DOS box: Fast fertig..Dieses Bildschirmfenster wird sich in Kürze schließen. (Note: it did not) Bitte warte ein paar Sekunden, damit das Log geöffnet und angezeigt werden kann. (Note: it was not displayed) Das ComboFix-Log wird unter c:\COMBOFIX.TXT zu finden sein. SED: can't read catchlog: No such file or directory SED: can't read catchlog: No such file or directory grep: catchlog: No such file or directory ...end of DOS box message... What did I do wrong? So, and here now is the ComboFix.txt Code:
ATTFilter ComboFix 13-12-17.02 - Joerg 17.12.2013 17:55:12.1.4 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3069.1725 [GMT 1:00] ausgeführt von:: c:\users\Joerg\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . ADS - Windows: deleted 24 bytes in 1 streams. . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\prefs.js c:\programdata\60a7806a-0eea-424c-a464-20f4730cd631 c:\programdata\DNSErrorHelper\bhO.dll c:\users\Carmen\AppData\Local\Microsoft\Windows\Temporary Internet Files\pplCsv.txt c:\users\Carmen\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempCsv.txt c:\users\Dominik\AppData\Roaming\Skype c:\users\Dominik\AppData\Roaming\Skype\shared.lck c:\users\Dominik\AppData\Roaming\Skype\shared.xml c:\users\Joerg\4.0 c:\users\Joerg\AppData\Roaming\AD ON Multimedia c:\users\Joerg\AppData\Roaming\inst.exe c:\windows\CAPI2032.DLL c:\windows\IsUn0407.exe c:\windows\ST6UNST.000 c:\windows\system\Agcgauge.ax c:\windows\system32\SET42AC.tmp c:\windows\system32\SET5793.tmp c:\windows\system32\SET617D.tmp c:\windows\system32\SET620E.tmp c:\windows\system32\tmpCAEC.tmp c:\windows\system32\tmpCBF6.tmp c:\windows\system32\uxt3800.tmp c:\windows\system32\uxt9AAB.tmp c:\windows\system32\uxtF551.tmp c:\windows\system32\zip32.dll c:\windows\unin0407.exe c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2013-11-17 bis 2013-12-17 )))))))))))))))))))))))))))))) . . 2013-12-17 17:04 . 2013-12-17 17:08 -------- d-----w- c:\users\Joerg\AppData\Local\temp 2013-12-17 17:04 . 2013-12-17 17:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-12-17 17:04 . 2013-12-17 17:04 -------- d-----w- c:\users\Gast\AppData\Local\temp 2013-12-17 17:04 . 2013-12-17 17:04 -------- d-----w- c:\users\Dominik\AppData\Local\temp 2013-12-17 17:04 . 
2013-12-17 17:04 -------- d-----w- c:\users\DEG\AppData\Local\temp 2013-12-17 17:04 . 2013-12-17 17:04 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-12-16 15:10 . 2013-12-16 15:10 -------- d-----w- C:\FRST 2013-12-15 18:28 . 2013-12-15 19:15 -------- d-----w- c:\users\Joerg\AppData\Roaming\QuickScan 2013-12-12 18:16 . 2013-12-12 18:15 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-12-12 17:55 . 2013-12-12 17:55 -------- d-----w- c:\program files\Show-Password 2013-12-06 13:54 . 2013-12-06 13:54 -------- d-----w- c:\program files\iPod 2013-12-06 13:54 . 2013-12-06 13:55 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-12-06 13:54 . 2013-12-06 13:55 -------- d-----w- c:\program files\iTunes 2013-12-03 16:56 . 2013-12-03 16:56 -------- d-----w- c:\users\Joerg\Neuer Ordner 2013-11-26 16:32 . 2013-11-26 16:32 -------- d-----w- c:\users\Joerg\AppData\Roaming\Malwarebytes 2013-11-26 16:31 . 2013-11-26 16:31 -------- d-----w- c:\programdata\Malwarebytes 2013-11-26 16:31 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-11-26 15:58 . 2013-11-26 15:59 -------- d-----w- c:\users\Joerg\AppData\Roaming\IObit 2013-11-26 15:58 . 2013-12-17 15:05 -------- d-----w- c:\programdata\IObit 2013-11-26 15:58 . 2013-12-11 10:41 -------- d-----w- c:\programdata\ProductData 2013-11-26 15:58 . 2013-11-26 15:59 -------- d-----w- c:\program files\IObit 2013-11-26 14:25 . 2013-11-26 14:25 -------- d-----w- c:\programdata\TubeDimmer 2013-11-24 14:02 . 2013-11-26 17:24 -------- d-----w- c:\programdata\Updater 2013-11-24 14:01 . 2013-11-24 14:01 -------- d-----w- c:\users\Joerg\AppData\Local\cache 2013-11-24 14:01 . 2013-11-24 14:02 -------- d-----w- c:\users\Joerg\AppData\Local\Mobogenie 2013-11-24 14:00 . 2013-11-24 14:02 -------- d-----w- c:\program files\Mobogenie 2013-11-21 11:10 . 2013-11-21 11:10 -------- d-----w- c:\programdata\PCSettings . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-12-15 16:22 . 2012-06-17 17:09 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-12-15 16:22 . 2011-06-23 08:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-11-19 10:21 . 2009-10-02 16:50 230048 ------w- c:\windows\system32\MpSigStub.exe 2013-10-19 08:55 . 2013-06-22 14:28 1082 ----a-w- c:\users\Joerg\advanced_ip_scanner_MAC.bin 2013-10-11 12:59 . 2012-09-20 12:27 32568 ----a-w- c:\windows\system32\TURegOpt.exe 2013-10-11 12:59 . 2013-02-08 16:20 22328 ----a-w- c:\windows\system32\authuitu.dll 2013-10-11 12:59 . 2013-02-08 16:20 30520 ----a-w- c:\windows\system32\uxtuneup.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}] 2013-11-26 15:58 752448 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{8254df71-5ab7-4882-8b1d-4f9eb66bf311}] 2013-12-12 17:55 137216 ----a-w- c:\program files\Show-Password\136.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{C9EE92B7-EDD5-4ad9-8029-2EC6818E653A}] 2013-05-27 14:33 3075712 ----a-w- c:\program files\AusweisApp\siqeCardClient.ols . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!1SYNCING.NET Unread] @="{5C9D3C37-2C95-4b5b-9EF0-4E0AFCA5E78A}" [HKEY_CLASSES_ROOT\CLSID\{5C9D3C37-2C95-4b5b-9EF0-4E0AFCA5E78A}] 2013-08-20 14:23 1198176 ----a-w- c:\program files\SYNCING.NET\bin\ShellUI.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!2SYNCING.NET Shared Folder] @="{FB8CDFB0-B508-4F12-A91E-26E68ABB4DAE}" [HKEY_CLASSES_ROOT\CLSID\{FB8CDFB0-B508-4F12-A91E-26E68ABB4DAE}] 2013-08-20 14:23 1198176 ----a-w- c:\program files\SYNCING.NET\bin\ShellUI.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!3SYNCING.NET CheckedOutByTeammate] @="{5CBF1ABD-2D6A-4570-9A4F-A47798BBFC08}" [HKEY_CLASSES_ROOT\CLSID\{5CBF1ABD-2D6A-4570-9A4F-A47798BBFC08}] 2013-08-20 14:23 1198176 ----a-w- c:\program files\SYNCING.NET\bin\ShellUI.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!4SYNCING.NET CheckedOutByMe] @="{B133F3E9-124C-4669-BFFF-1B74508B5A84}" [HKEY_CLASSES_ROOT\CLSID\{B133F3E9-124C-4669-BFFF-1B74508B5A84}] 2013-08-20 14:23 1198176 ----a-w- c:\program files\SYNCING.NET\bin\ShellUI.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!5SYNCING.NET DownArrow] @="{0B914147-F836-4cfa-893A-ECE90B815982}" [HKEY_CLASSES_ROOT\CLSID\{0B914147-F836-4cfa-893A-ECE90B815982}] 2013-08-20 14:23 1198176 ----a-w- c:\program files\SYNCING.NET\bin\ShellUI.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CloudIcon_DOWNLOAD] @="{C3DBFBE2-A521-4619-9F32-502318CB4EC2}" [HKEY_CLASSES_ROOT\CLSID\{C3DBFBE2-A521-4619-9F32-502318CB4EC2}] 2012-05-18 14:19 96344 ----a-w- c:\program files\COMPUTERBILD-Cloud\ShellExt32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CloudIcon_ERROR] @="{851C758E-C636-4045-B323-059931A3A331}" [HKEY_CLASSES_ROOT\CLSID\{851C758E-C636-4045-B323-059931A3A331}] 2012-05-18 14:19 96344 ----a-w- c:\program files\COMPUTERBILD-Cloud\ShellExt32.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CloudIcon_INSYNC] @="{580030D3-492E-45EA-A1C9-A0AC525BEB26}" [HKEY_CLASSES_ROOT\CLSID\{580030D3-492E-45EA-A1C9-A0AC525BEB26}] 2012-05-18 14:19 96344 ----a-w- c:\program files\COMPUTERBILD-Cloud\ShellExt32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CloudIcon_REFRESH] @="{FEBF62C8-B6B3-43B7-BEC4-1A9CD61BDCD2}" [HKEY_CLASSES_ROOT\CLSID\{FEBF62C8-B6B3-43B7-BEC4-1A9CD61BDCD2}] 2012-05-18 14:19 96344 ----a-w- c:\program files\COMPUTERBILD-Cloud\ShellExt32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CloudIcon_UPLOAD] @="{EBED3602-8915-43F9-81F7-CAA6FC4F70D6}" [HKEY_CLASSES_ROOT\CLSID\{EBED3602-8915-43F9-81F7-CAA6FC4F70D6}] 2012-05-18 14:19 96344 ----a-w- c:\program files\COMPUTERBILD-Cloud\ShellExt32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SyncService"="c:\program files\SYNCING.NET\bin\SyncService.exe" [2013-08-20 1730144] "AusweisApp"="c:\program files\AusweisApp\siqBootLoader.exe" [2013-05-27 2514560] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE " [X] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-17 11430504] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240] "NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048] "RUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "SyncService"="c:\program files\SYNCING.NET\bin\SyncService.exe" [2013-08-20 1730144] . c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2008-10-25 98696] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ JFritz.lnk - i:\program files\JFritz\jfritz.exe [2013-10-8 202752] VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico -user_logon [2012-9-3 6144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) "ShowDriveLettersFirst"= 4 (0x4) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "TaskbarNoNotification"= 1 (0x1) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{7B0E5486-E11D-437f-AC8B-7901C7D3FCCB}"= "c:\program files\SYNCING.NET\bin\ShellUI.dll" [2013-08-20 1198176] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer9"=wdmaud.drv . 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk backup=c:\windows\pss\ImageBrowser EX Agent.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO HD Edition.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk backup=c:\windows\pss\PHOTOfunSTUDIO HD Edition.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Joerg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NAS Scheduler.lnk] path=c:\users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk backup=c:\windows\pss\NAS Scheduler.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANT Agent] 2013-02-15 16:23 14731776 ----a-w- c:\program files\Garmin\ANT Agent\ANT Agent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2007-10-03 14:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad] 2013-02-03 10:43 1937920 ----a-w- d:\program files\KeePass Password Safe\KeePass.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] 2007-01-12 01:12 244512 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher] 2012-11-27 20:08 739936 ----a-w- n:\program files\Sony\PlayMemories Home\PMBVolumeWatcher.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ehTray.exe"=c:\windows\ehome\ehTray.exe "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup "ANT Agent"=c:\program files\Garmin\ANT Agent\ANT Agent.exe "AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe" "Google Update"="c:\users\Joerg\AppData\Local\Google\Update\GoogleUpdate.exe" /c "Rohos"=c:\program files\Rohos\agent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" "Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide "WPCUMI"=c:\windows\system32\WpcUmi.exe "AcronisTimounterMonitor"=c:\program files\Util\TrueImageHome\TimounterMonitor.exe "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "TrueImageMonitor.exe"=c:\program files\Util\TrueImageHome\TrueImageMonitor.exe "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit "BDRegion"=c:\program files\Cyberlink\Shared Files\brs.exe "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" "KeePass 2 PreLoad"="d:\program files\KeePass Password Safe\KeePass.exe" --preload "Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 
9.0\Acrobat\Acrobat_sl.exe" "Adobe_ID0ENQBO"=c:\progra~1\COMMON~1\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "ToUcamVProperty"=c:\progra~1\Philips ToUcam Camera\VProperty.exe "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup "Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" "ConnectionCenter"="c:\users\DEG\AppData\Local\Citrix\ICA Client\concentr.exe" /startup "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" "Ocs_SM"=c:\users\Joerg\AppData\Roaming\OCS\SM\SearchAnonymizer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4155243805-854486168-2168257993-1004] "EnableNotificationsRef"=dword:00000003 . R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016] S3 3xHybrid;CTX SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2009-09-24 1006816] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr bthsvcs REG_MULTI_SZ BthServ . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}] 2008-02-25 09:55 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Inhalt des "geplante Tasks" Ordners . 
2012-09-20 c:\windows\Tasks\Defraggler Volume C Task.job - c:\program files\Util\Defraggler\df.exe [2012-01-16 14:37] . 2013-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 17:33] . 2013-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 17:33] . 2013-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4155243805-854486168-2168257993-1004Core.job - c:\users\Joerg\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-02 17:07] . 2013-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4155243805-854486168-2168257993-1004UA.job - c:\users\Joerg\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-02 17:07] . 2013-12-15 c:\windows\Tasks\Show-Password Update.job - c:\program files\Show-Password\Show_Password.exe [2013-12-12 17:55] . 2013-12-17 c:\windows\Tasks\User_Feed_Synchronization-{792C0784-4E0D-417A-B5F3-2D5B5D6A4312}.job - c:\windows\system32\msfeedssync.exe [2008-02-05 22:33] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ mSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 TCP: Interfaces\{5D24B219-8B75-42F7-B0E3-E3BA710ACB43}: NameServer = 192.168.0.1 FF - ProfilePath - c:\users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB1&ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.ighome.com/?t=336956 FF - ExtSQL: 2013-12-12 18:55; {a3490cb9-8f1a-4bc5-b1a7-6c2bc4b83424}; c:\program files\Show-Password\136.xpi FF - ExtSQL: 2013-12-15 19:28; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} FF - ExtSQL: 2013-12-15 20:10; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn FF - ExtSQL: 2013-12-15 20:10; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFF FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: extensions.autoDisableScopes - 0 FF - user.js: extensions.shownSelectionUI - true . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file) WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file) ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) MSConfigStartUp-sbitunesagent - i:\program files\Songbird\songbirditunesagent.exe MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe MSConfigStartUp-Updater - c:\programdata\Updater\updater.exe HKLM_ActiveSetup-{5CCF8330-F742-411A-8A04-719806D168B5} - msiexec AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe AddRemove-High Precision Ephemeris Tool - c:\windows\unin0407.exe AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60 AddRemove-TAPI - c:\windows\IsUn0407.exe AddRemove-Virtual Sky 5 - c:\windows\unin0407.exe . . . ************************************************************************** Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(1176) c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . - - - - - - - > 'lsass.exe'(1060) c:\windows\system32\relog_ap.dll . - - - - - - - > 'Explorer.exe'(468) c:\program files\SYNCING.NET\bin\ShellUI.dll c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\nvvsvc.exe c:\program files\NVIDIA Corporation\Display\nvxdsync.exe c:\windows\system32\nvvsvc.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\System32\bgsvcgen.exe c:\windows\system32\cjpcsc.exe c:\program files\devolo\dlan\devolonetsvc.exe c:\program files\IObit\LiveUpdate\LiveUpdate.exe c:\program files\BUFFALO\NASNAVI\nassvc.exe c:\windows\system32\locator.exe c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe c:\progra~1\COMMON~1\X10\Common\x10nets.exe c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe c:\windows\system32\conime.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\System32\tlntsvr.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\servicing\TrustedInstaller.exe . 
**************************************************************************
.
Zeit der Fertigstellung: 2013-12-17 18:14:01 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-12-17 17:13
.
Vor Suchlauf: 11 Verzeichnis(se), 265.992.601.600 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 266.702.995.456 Bytes frei
.
- - End Of File - - 0CFBD315114542D2C928A39EAE8C23DC
671B81004FDD1588FA9ED1331C9CECA9

Jörg |
18.12.2013, 10:31 | #6 |
/// the machine /// TB trainer | Zero.access.c is on my system, Vista SP1, and, after cleanup, supposedly gone? Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ --> Zero.access.c is on my system, Vista SP1, and, after cleanup, supposedly gone? |
18.12.2013, 16:13 | #7 |
| Zero.access.c is on my system, Vista SP1, and, after cleanup, supposedly gone? Hello Schrauber, attached are the requested files: mbam-log: Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.18.04

Windows Vista Service Pack 1 x86 FAT32
Internet Explorer 7.0.6001.18000
Joerg :: DESKTOP [Administrator]

18.12.2013 15:34:36
mbam-log-2013-12-18 (15-34-36).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 402656
Laufzeit: 9 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

AdwCleaner.txt: Code:
ATTFilter # AdwCleaner v3.015 - Bericht erstellt am 18/12/2013 um 15:46:23 # Updated 10/12/2013 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits) # Benutzername : Joerg - DESKTOP # Gestartet von : C:\Users\Joerg\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : SearchAnonymizer ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\boost_interprocess Ordner Gelöscht : C:\ProgramData\DNSErrorHelper Ordner Gelöscht : C:\ProgramData\NCH Software Ordner Gelöscht : C:\ProgramData\TubeDimmer Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Program Files\NCH Software Ordner Gelöscht : C:\Program Files\Show-Password Ordner Gelöscht : C:\Program Files\Common Files\AVG Secure Search Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Users\Joerg\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Joerg\AppData\LocalLow\BabylonToolbar Ordner Gelöscht : C:\Users\Joerg\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Joerg\AppData\LocalLow\Delta Ordner Gelöscht : C:\Users\Joerg\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\Joerg\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Joerg\AppData\Roaming\DesktopIconForAmazon Ordner Gelöscht : C:\Users\Joerg\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Joerg\AppData\Roaming\NCH Software Ordner Gelöscht : C:\Users\Joerg\AppData\Roaming\OCS Ordner Gelöscht : C:\Users\Joerg\AppData\Roaming\thinstall Ordner Gelöscht : C:\Users\Joerg\AppData\Roaming\Windows Net Data Ordner Gelöscht : C:\Users\Carmen\AppData\LocalLow\AVG Secure Search Ordner Gelöscht : C:\Users\Carmen\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Carmen\AppData\LocalLow\DVDVideoSoftTB Ordner Gelöscht : C:\Users\Carmen\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\DEG\AppData\LocalLow\BabylonToolbar Ordner Gelöscht : C:\Users\DEG\AppData\LocalLow\Conduit 
Ordner Gelöscht : C:\Users\DEG\AppData\LocalLow\Delta Ordner Gelöscht : C:\Users\DEG\AppData\LocalLow\DVDVideoSoftTB Ordner Gelöscht : C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Conduit Ordner Gelöscht : C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\ConduitCommon Ordner Gelöscht : C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\firejump@firejump.net Ordner Gelöscht : C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo [!] Ordner Gelöscht : C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo Datei Gelöscht : C:\Users\Joerg\AppData\Roaming\BabMaint.exe Datei Gelöscht : C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\bProtector_extensions.rdf Datei Gelöscht : C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\invalidprefs.js Datei Gelöscht : C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\566jdtlk.default\invalidprefs.js Datei Gelöscht : C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\566jdtlk.default\searchplugins\11-suche.xml Datei Gelöscht : C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\92ohfzdx.default\searchplugins\11-suche.xml Datei Gelöscht : C:\Users\Catherine-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\zc1lm9pe.default\searchplugins\11-suche.xml Datei Gelöscht : C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\searchplugins\babylon1.xml Datei Gelöscht : C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\searchplugins\delta.xml Datei Gelöscht : C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\searchplugins\safesearch.xml Datei Gelöscht : 
JRT.txt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Joerg on 18.12.2013 at 16:00:41,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Joerg\appdata\local\cre"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.12.2013 at 16:02:54,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
And, last but not least, the FRST.txt
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-12-2013 03 Ran by Joerg (administrator) on DESKTOP on 18-12-2013 16:04:36 Running from C:\Users\Joerg\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 7 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe (REINER SCT) C:\Windows\System32\cjpcsc.exe (devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe (IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe (Microsoft Corporation) C:\Windows\System32\Locator.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (X10) C:\Program Files\Common Files\X10\Common\X10nets.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (OpenLimit SignCubes AG) C:\Program Files\AusweisApp\siqBootLoader.exe () I:\Program Files\JFritz\jfritz.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Oracle Corporation) C:\Program Files\Java\jre7\launch4j-tmp\jfritz.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Microsoft Corporation) C:\Windows\System32\tlntsvr.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Thisisu) C:\Users\Joerg\Desktop\JRT.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program 
Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor) HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.) HKLM\...\Run: [NUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation) HKLM\...\Run: [RUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - KHALMNPR.EXE HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Policies\Explorer: [ShowDriveLettersFirst] 4 HKCU\...\Run: [SyncService] - C:\Program Files\SYNCING.NET\bin\SyncService.exe [1730144 2013-08-20] (ASBYTE) HKCU\...\Run: [AusweisApp] - C:\Program Files\AusweisApp\siqBootLoader.exe [2514560 2013-05-27] (OpenLimit SignCubes AG) HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1 HKCU\...\Policies\Explorer: [CDRAutoRun] 0 HKU\Carmen\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Carmen\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH) HKU\Carmen\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe HKU\Carmen\...\Policies\system: [LogonHoursAction] 2 HKU\Carmen\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Catherine-Sophie\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Catherine-Sophie\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent HKU\Catherine-Sophie\...\Run: [AusweisApp] - I:\Program 
Files\AusweisApp\siqBootLoader.exe HKU\Catherine-Sophie\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.) HKU\Catherine-Sophie\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\Catherine-Sophie\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Catherine-Sophie\...\Policies\system: [LogonHoursAction] 2 HKU\Catherine-Sophie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\DEG\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent HKU\DEG\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\DEG\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\DEG\...\Policies\system: [LogonHoursAction] 2 HKU\DEG\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Dominik\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Dominik\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH) HKU\Dominik\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden HKU\Dominik\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.) 
HKU\Dominik\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\Dominik\...\RunOnce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_de;_rv:1.9.1.2)_Gecko/20090729_Firefox/3.5.2_(.NET_CLR_3.5.30729)" -"hxxp://www.nordsee-club24.de/blog/urlaub/kinder-und-jugendreisen/campus-nordsee-gaestehaus.html" HKU\Dominik\...\Policies\system: [LogonHoursAction] 2 HKU\Dominik\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Gast\...\Run: [BullGuard] - "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" HKU\Gast\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Gast\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH) HKU\Gast\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe HKU\Gast\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.) 
HKU\Gast\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\Gast\...\RunOnce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_de;_rv:1.9.1.2)_Gecko/20090729_Firefox/3.5.2_(.NET_CLR_3.5.30729)" -"hxxp://www.nordsee-club24.de/blog/urlaub/kinder-und-jugendreisen/campus-nordsee-gaestehaus.html" HKU\Gast\...\Policies\system: [LogonHoursAction] 2 HKU\Gast\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\UpdatusUser\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent HKU\UpdatusUser\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe HKU\UpdatusUser\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.) HKU\UpdatusUser\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\UpdatusUser\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\UpdatusUser\...\Policies\system: [LogonHoursAction] 2 HKU\UpdatusUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Lsa: [Authentication Packages] msv1_0 relog_ap Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie SearchScopes: HKLM - DefaultScope value is missing. BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.) BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Show-Password - {8254df71-5ab7-4882-8b1d-4f9eb66bf311} - C:\Program Files\Show-Password\136.dll No File BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: AusweisApp 1.8.0.0 - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe 
Systems Incorporated) Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.) Toolbar: HKCU - No Name - {968631B6-4729-440D-9BF4-251F5593EC9A} - No File Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: 
application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File ShellExecuteHooks: CExecuteHook Object - {7B0E5486-E11D-437f-AC8B-7901C7D3FCCB} - C:\Program Files\SYNCING.NET\bin\ShellUI.dll [1198176 2013-08-20] (ASBYTE) Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\..\Interfaces\{5D24B219-8B75-42F7-B0E3-E3BA710ACB43}: [NameServer]192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887 FF Homepage: hxxp://www.ighome.com/?t=336956 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 - I:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @photodex.com/PhotodexPresenter - C:\Program Files\Photodex Presenter\npPxPlay.dll ( ) FF Plugin: @reiner-sct.com/OWOK,version=2.0.0.4 - C:\Program Files\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll (REINER Kartengeräte GmbH und Co. KG.) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\Multimedia\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Joerg\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Joerg\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.) FF Extension: Виявлення пристроїв Logitech - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\DeviceDetection@logitech.com FF Extension: FRITZ!Box AddOn - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\fb_add_on@avm.de FF Extension: Foxdie - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\Foxdie@tanjihay.com FF Extension: Foxdie (Graphite) - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\FoxdieGraphite@tanjihay.com FF Extension: Geolocater - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\geolocater@3liz.com FF Extension: KeeFox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\keefox@chris.tomlinson FF Extension: Youtube MP3 Podcaster - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com FF Extension: Forecastfox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} FF Extension: Garmin Communicator - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} FF 
Extension: EPUBReader - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} FF Extension: Universal Print - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{BE2100B3-1D80-48eb-ACCF-D26750644378} FF Extension: Bitdefender QuickScan - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} FF Extension: adblockpopups - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\adblockpopups@jessehakanen.net.xpi FF Extension: nasanightlaunch - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\nasanightlaunch@example.com.xpi FF Extension: YoutubeDownloader - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\YoutubeDownloader@PeterOlayev.com.xpi FF Extension: No Name - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi FF Extension: No Name - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi FF Extension: addonfox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}.xpi FF Extension: Adblock Plus - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: DownThemAll! 
- C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [{4F3D26C8-9907-48ff-BC74-B8C572D317BF}] - C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win FF HKLM\...\Firefox\Extensions: [{4F0963A3-1658-4fde-9585-23A25CC288BF}] - C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win FF HKCU\...\Firefox\Extensions: [{a3490cb9-8f1a-4bc5-b1a7-6c2bc4b83424}] - C:\Program Files\Show-Password\136.xpi FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Online\Mozilla Firefox\firefox.exe Chrome: ======= CHR DefaultSearchKeyword: google.com CHR DefaultSearchProvider: Google CHR DefaultSearchURL: hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t CHR DefaultNewTabURL: CHR Plugin: (Photodex Presenter Plugin) - C:\Program Files\Photodex Presenter\npPxPlay.dll ( ) CHR Extension: (Show-Password) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\logekkkdbdidmmcgkonmmonclldogceg\1.136_0 CHR Extension: (Amazon-Icon) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0 CHR Extension: (Norton Identity Protection) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.1.4_0 CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Joerg\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_1 CHR Extension: (Google Wallet) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1 CHR HKLM\...\Chrome\Extension: [logekkkdbdidmmcgkonmmonclldogceg] - C:\Program Files\Show-Password\136.crx CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Joerg\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx CHR StartMenuInternet: Google Chrome - C:\Users\Joerg\AppData\Local\Google\Chrome\Application\chrome.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2007-08-31] (Acronis) S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated) R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation) S4 BotkindSyncService; I:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2013-10-10] () R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT) S4 CVPND; N:\Program Files\DEG\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.) R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3526136 2013-08-27] (devolo AG) S4 gupdate1c98625899d211c; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-03] (Google Inc.) S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2009-07-20] (Logitech, Inc.) R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-11-26] (IObit) R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251184 2008-07-11] (BUFFALO INC.) 
S4 Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG) S4 PMBDeviceInfoProvider; N:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation) S4 RemoteAccess; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation) S4 Rohos Disk; C:\Program Files\Rohos\agent.exe [813400 2012-08-24] (Tesline-Service SRL) S4 SN_Service; C:\Program Files\SYNCING.NET\bin\SN_Service.exe [32768 2013-05-03] (ASBYTE) S4 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH) S4 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] () R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1729336 2013-10-11] (TuneUp Software) S3 TwonkyProxy; C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe [545608 2012-05-03] () S3 TwonkyServer; C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe [541512 2012-05-03] (PacketVideo) S3 TwonkyWebDav; C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe [271176 2012-05-03] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] () R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) ==================== Drivers (Whitelisted) ==================== R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [1006816 2009-09-24] (NXP Semiconductors Germany GmbH) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-02-26] () R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) S3 camvid20; C:\Windows\System32\DRIVERS\camdrv21.sys [253909 2004-05-19] (Philips Components BU Imaging Solutions) R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation) S3 cjusb; 
C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. ) S3 FNETTHJM; C:\Windows\System32\drivers\fnetthjm.sys [23936 2010-09-07] (FNet Co., Ltd.) S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.) S3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2007-10-15] (Intel Corporation) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-11-24] () S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [50560 2008-05-27] (Generic USB smartcard reader) R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [554496 2007-09-21] (Ralink Technology Corp.) R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2013-08-27] (CACE Technologies) R1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [77184 2004-03-09] (Protection Technology) R0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [65504 2004-03-09] (Protection Technology) R0 prosync1; C:\Windows\System32\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2013-07-01] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-07-01] () R2 RHDISK; C:\Program Files\Rohos\RHDISK.SYS [40960 2012-08-23] (Tesline-Service SRL) R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [80896 2012-05-10] (Renesas Electronics Corporation) R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [172032 2012-05-10] (Renesas Electronics Corporation) R0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [83320 2007-02-08] (Protection Technology 
(StarForce)) S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2011-01-27] (Silicon Laboratories) S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58496 2011-01-27] (Silicon Laboratories) S3 SIUSBXP; C:\Windows\System32\drivers\SiUSBXp.sys [14848 2009-03-09] (Silicon Laboratories) S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-09-28] () S3 StMp3Rec; C:\Windows\System32\Drivers\StMp3Rec.sys [19840 2007-06-15] (Generic) S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [27936 2008-07-15] (RapidSolution Software AG) R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368736 2008-03-29] (Acronis) R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44416 2008-03-29] (Acronis) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-08-28] (TuneUp Software) S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2010-07-07] (Texas Instruments) R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.) R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 GigasetGenericUSB; system32\DRIVERS\GigasetGenericUSB.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 PalmUSBD; system32\drivers\PalmUSBD.sys [x] S3 TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-18 16:04 - 2013-12-18 16:04 - 00032120 _____ C:\Users\Joerg\Desktop\FRST.txt 2013-12-18 16:04 - 2013-12-18 16:04 - 00000000 ____D C:\Users\Joerg\Desktop\FRST-OlderVersion 2013-12-18 16:02 - 2013-12-18 16:02 - 00000876 _____ C:\Users\Joerg\Desktop\JRT.txt 2013-12-18 16:00 - 2013-12-18 16:00 - 00000000 ____D C:\Windows\ERUNT 2013-12-18 15:59 - 2013-12-18 15:59 - 00041864 _____ C:\Users\Joerg\Desktop\AdwCleaner[S0].txt 2013-12-18 15:45 - 2013-12-18 15:46 - 00000000 ____D C:\AdwCleaner 2013-12-18 15:26 - 2013-12-18 15:26 - 00000618 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-18 15:25 - 2013-12-18 15:24 - 01226750 _____ C:\Users\Joerg\Desktop\adwcleaner.exe 2013-12-18 15:25 - 2013-12-18 15:24 - 01034531 _____ (Thisisu) C:\Users\Joerg\Desktop\JRT.exe 2013-12-17 18:14 - 2013-12-17 18:14 - 00027224 _____ C:\ComboFix.txt 2013-12-17 18:06 - 2013-12-17 18:06 - 00000552 _____ C:\Windows\PFRO.log 2013-12-17 17:49 - 2013-12-17 18:14 - 00000000 ____D C:\ComboFix 2013-12-17 17:34 - 2013-12-17 18:13 - 00000000 ____D C:\Qoobox 2013-12-17 17:30 - 2013-12-17 16:04 - 05155004 ____R (Swearware) C:\Users\Joerg\Desktop\ComboFix.exe 2013-12-17 16:17 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2013-12-17 16:17 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2013-12-17 16:17 - 
2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-12-17 16:17 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-12-17 16:17 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-12-17 16:17 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2013-12-17 16:17 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2013-12-17 16:17 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2013-12-17 16:14 - 2013-12-17 18:11 - 00000000 ____D C:\Windows\erdnt 2013-12-16 16:10 - 2013-12-18 16:04 - 01062259 _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe 2013-12-16 16:10 - 2013-12-18 16:04 - 00000000 ____D C:\FRST 2013-12-15 19:28 - 2013-12-15 20:15 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\QuickScan 2013-12-15 19:14 - 2013-12-15 19:43 - 3133878462 _____ C:\avenger.txt 2013-12-15 09:58 - 2013-12-15 10:57 - 00001912 _____ C:\Windows\epplauncher.mif 2013-12-15 09:45 - 2013-12-17 18:25 - 00000392 ____H C:\Windows\Tasks\User_Feed_Synchronization-{792C0784-4E0D-417A-B5F3-2D5B5D6A4312}.job 2013-12-12 19:16 - 2013-12-12 19:15 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-12-12 19:16 - 2013-12-12 19:15 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-12-12 19:16 - 2013-12-12 19:15 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-12-12 19:16 - 2013-12-12 19:15 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-12-12 18:55 - 2013-12-15 16:32 - 00000380 _____ C:\Windows\Tasks\Show-Password Update.job 2013-12-06 14:54 - 2013-12-06 14:55 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-12-06 14:54 - 2013-12-06 14:55 - 00000000 ____D C:\Program Files\iTunes 2013-12-06 14:54 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iPod 2013-12-03 17:56 - 2013-12-03 17:56 - 00000000 ____D C:\Users\Joerg\Neuer Ordner 2013-11-26 17:32 - 2013-11-26 17:32 - 00000000 ____D 
C:\Users\Joerg\AppData\Roaming\Malwarebytes 2013-11-26 17:31 - 2013-11-26 17:31 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-26 17:31 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-11-26 17:25 - 2013-10-31 09:35 - 00001136 _____ C:\Users\Joerg\Documents\indexfile.txt 2013-11-26 16:58 - 2013-12-18 15:49 - 00000000 ____D C:\ProgramData\ProductData 2013-11-26 16:58 - 2013-12-17 16:05 - 00000000 ____D C:\ProgramData\IObit 2013-11-26 16:58 - 2013-12-06 17:24 - 00001166 _____ C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2013-11-26 16:58 - 2013-11-26 16:59 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\IObit 2013-11-26 16:58 - 2013-11-26 16:59 - 00000000 ____D C:\Program Files\IObit 2013-11-26 16:48 - 2013-11-26 16:48 - 00000953 _____ C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-11-26 16:28 - 2013-11-26 16:28 - 32823600 _____ (DVDVideoSoft Ltd. 
) C:\Users\Joerg\Downloads\FreeAVIVideoConverter (1).exe 2013-11-24 17:11 - 2013-11-24 17:11 - 00000000 ____D C:\Users\Joerg\Documents\StreamTransport 2013-11-24 15:02 - 2013-11-26 18:24 - 00000000 ____D C:\ProgramData\Updater 2013-11-24 15:01 - 2013-11-24 15:02 - 00000000 ____D C:\Users\Joerg\AppData\Local\Mobogenie 2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\Documents\Mobogenie 2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\AppData\Local\cache 2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 _____ C:\Users\Joerg\daemonprocess.txt 2013-11-24 15:00 - 2013-11-24 15:02 - 00000000 ____D C:\Program Files\Mobogenie 2013-11-24 10:23 - 2013-11-24 10:23 - 28289104 _____ (Any-Video-Converter.com ) C:\Users\Joerg\Downloads\avc-free.exe 2013-11-24 10:21 - 2013-11-24 10:21 - 00000000 ____D C:\Users\Joerg\Documents\Any Video Converter 2013-11-21 12:10 - 2013-11-21 12:10 - 00000000 ____D C:\ProgramData\PCSettings ==================== One Month Modified Files and Folders ======= 2013-12-18 16:05 - 2013-12-18 16:04 - 00032120 _____ C:\Users\Joerg\Desktop\FRST.txt 2013-12-18 16:04 - 2013-12-18 16:04 - 00000000 ____D C:\Users\Joerg\Desktop\FRST-OlderVersion 2013-12-18 16:04 - 2013-12-16 16:10 - 01062259 _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe 2013-12-18 16:04 - 2013-12-16 16:10 - 00000000 ____D C:\FRST 2013-12-18 16:02 - 2013-12-18 16:02 - 00000876 _____ C:\Users\Joerg\Desktop\JRT.txt 2013-12-18 16:00 - 2013-12-18 16:00 - 00000000 ____D C:\Windows\ERUNT 2013-12-18 15:59 - 2013-12-18 15:59 - 00041864 _____ C:\Users\Joerg\Desktop\AdwCleaner[S0].txt 2013-12-18 15:53 - 2012-06-11 11:42 - 01232004 _____ C:\Windows\WindowsUpdate.log 2013-12-18 15:50 - 2012-02-21 16:36 - 00000000 ____D C:\Users\Joerg\.ausweisapp 2013-12-18 15:49 - 2013-11-26 16:58 - 00000000 ____D C:\ProgramData\ProductData 2013-12-18 15:48 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-18 15:48 - 2006-11-02 13:47 - 00003344 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-18 15:48 - 2006-11-02 13:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-18 15:47 - 2006-11-02 14:01 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-12-18 15:46 - 2013-12-18 15:45 - 00000000 ____D C:\AdwCleaner 2013-12-18 15:26 - 2013-12-18 15:26 - 00000618 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-18 15:24 - 2013-12-18 15:25 - 01226750 _____ C:\Users\Joerg\Desktop\adwcleaner.exe 2013-12-18 15:24 - 2013-12-18 15:25 - 01034531 _____ (Thisisu) C:\Users\Joerg\Desktop\JRT.exe 2013-12-17 18:25 - 2013-12-15 09:45 - 00000392 ____H C:\Windows\Tasks\User_Feed_Synchronization-{792C0784-4E0D-417A-B5F3-2D5B5D6A4312}.job 2013-12-17 18:14 - 2013-12-17 18:14 - 00027224 _____ C:\ComboFix.txt 2013-12-17 18:14 - 2013-12-17 17:49 - 00000000 ____D C:\ComboFix 2013-12-17 18:13 - 2013-12-17 17:34 - 00000000 ____D C:\Qoobox 2013-12-17 18:11 - 2013-12-17 16:14 - 00000000 ____D C:\Windows\erdnt 2013-12-17 18:10 - 2006-11-02 11:33 - 01579272 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-17 18:07 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini 2013-12-17 18:06 - 2013-12-17 18:06 - 00000552 _____ C:\Windows\PFRO.log 2013-12-17 18:04 - 2008-03-11 18:55 - 00000000 ____D C:\Users\Joerg 2013-12-17 18:04 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system 2013-12-17 17:28 - 2012-12-29 20:47 - 00000000 ____D C:\Users\Joerg\AppData\Local\CrashDumps 2013-12-17 16:26 - 2012-11-25 09:38 - 00000000 ____D C:\ProgramData\Norton 2013-12-17 16:05 - 2013-11-26 16:58 - 00000000 ____D C:\ProgramData\IObit 2013-12-17 16:04 - 2013-12-17 17:30 - 05155004 ____R (Swearware) C:\Users\Joerg\Desktop\ComboFix.exe 2013-12-15 20:15 - 2013-12-15 19:28 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\QuickScan 2013-12-15 20:13 - 2008-03-11 19:17 - 00000000 ____D 
C:\Users\Joerg\AppData\Roaming\Adobe 2013-12-15 19:43 - 2013-12-15 19:14 - 3133878462 _____ C:\avenger.txt 2013-12-15 19:14 - 2011-01-26 19:37 - 00000000 ____D C:\Windows\Sun 2013-12-15 18:05 - 2012-09-20 13:27 - 00000000 ____D C:\Program Files\TuneUp Utilities 2013 2013-12-15 17:22 - 2012-06-17 18:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-12-15 17:22 - 2011-06-23 09:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-12-15 17:22 - 2008-04-05 17:05 - 00000000 ____D C:\Program Files\Google 2013-12-15 16:32 - 2013-12-12 18:55 - 00000380 _____ C:\Windows\Tasks\Show-Password Update.job 2013-12-15 16:32 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\LogFiles 2013-12-15 10:57 - 2013-12-15 09:58 - 00001912 _____ C:\Windows\epplauncher.mif 2013-12-15 09:32 - 2010-05-28 19:30 - 01056768 _____ C:\Windows\system32\defltbase.sdb 2013-12-13 20:20 - 2009-09-06 21:26 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Media Player Classic 2013-12-13 19:22 - 2008-04-23 18:40 - 00050688 _____ C:\Users\Joerg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-12-12 19:32 - 2008-03-12 20:38 - 00000000 ____D C:\Users\Joerg\AppData\Local\Adobe 2013-12-12 19:23 - 2010-10-29 20:10 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-12-12 19:23 - 2007-10-10 12:05 - 00000000 ____D C:\Program Files\Adobe 2013-12-12 19:22 - 2007-10-10 12:06 - 00000000 ____D C:\ProgramData\Adobe 2013-12-12 19:17 - 2013-10-04 19:25 - 00000000 ____D C:\ProgramData\Oracle 2013-12-12 19:15 - 2013-12-12 19:16 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-12-12 19:15 - 2013-12-12 19:16 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-12-12 19:15 - 2013-12-12 19:16 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-12-12 19:15 - 2013-12-12 19:16 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 
2013-12-12 18:01 - 2012-07-10 08:41 - 00000000 ____D C:\Program Files\StarMoney 8.0 S-Edition 2013-12-12 17:49 - 2012-10-10 17:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-12-11 17:47 - 2007-10-10 11:37 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-11 17:44 - 2013-07-23 19:59 - 00000000 ____D C:\Windows\system32\MRT 2013-12-11 17:40 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-12-11 15:02 - 2013-10-09 09:49 - 00000000 ____D C:\Users\Carmen\AppData\Roaming\JFritz 2013-12-08 15:24 - 2012-11-18 18:24 - 00000000 ____D C:\Users\Joerg\AppData\Local\Rohos 2013-12-08 10:07 - 2008-03-12 18:52 - 00000000 ____D C:\Program Files\Astronomie 2013-12-08 10:00 - 2008-03-11 19:23 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Online 2013-12-08 09:56 - 2008-05-01 10:20 - 00000000 ____D C:\ProgramData\Skype 2013-12-08 09:54 - 2008-05-01 10:21 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Skype 2013-12-08 09:54 - 2008-03-11 19:22 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Util 2013-12-08 09:25 - 2009-05-31 16:17 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\KeePass 2013-12-07 09:40 - 2006-11-02 11:22 - 83361792 _____ C:\Windows\system32\config\SOFTWARE_tureg_old 2013-12-07 09:40 - 2006-11-02 11:22 - 53215232 _____ C:\Windows\system32\config\SYSTEM_tureg_old 2013-12-07 09:40 - 2006-11-02 11:22 - 36069376 _____ C:\Windows\system32\config\COMPONENTS_tureg_old 2013-12-07 09:40 - 2006-11-02 11:22 - 00524288 _____ C:\Windows\system32\config\DEFAULT_tureg_old 2013-12-07 09:40 - 2006-11-02 11:22 - 00028672 _____ C:\Windows\system32\config\SECURITY_tureg_old 2013-12-06 18:13 - 2006-11-02 11:22 - 00204800 _____ C:\Windows\system32\config\SAM_tureg_old 2013-12-06 17:29 - 2011-12-05 19:51 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\MediaMonkey 2013-12-06 17:24 - 2013-11-26 16:58 - 00001166 _____ 
C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2013-12-06 14:55 - 2013-12-06 14:54 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-12-06 14:55 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iTunes 2013-12-06 14:54 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iPod 2013-12-06 14:54 - 2011-03-15 19:14 - 00000000 ____D C:\ProgramData\Apple Computer 2013-12-06 14:54 - 2011-03-15 19:09 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-12-05 19:23 - 2011-08-23 17:37 - 00002629 _____ C:\Users\Joerg\BT747SettingsJ2SE.pdb 2013-12-05 17:31 - 2011-08-22 12:27 - 00000000 ____D C:\Users\Joerg\Documents\ezTour_Workspace 2013-12-05 17:00 - 2007-10-09 15:23 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-12-04 18:23 - 2011-10-03 14:52 - 00000000 ____D C:\Users\Joerg\AppData\Local\Eye-Fi 2013-12-04 18:10 - 2011-10-03 14:52 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Eye-Fi 2013-12-03 17:56 - 2013-12-03 17:56 - 00000000 ____D C:\Users\Joerg\Neuer Ordner 2013-12-01 20:17 - 2008-03-14 17:45 - 00000000 ____D C:\Users\Joerg\Documents\Navigation 2013-11-27 15:54 - 2008-04-20 15:17 - 00000000 ____D C:\Users\Carmen\Documents\Eigene Dokumente 2013-11-26 19:49 - 2009-09-05 19:15 - 00000000 ____D C:\Windows\pss 2013-11-26 18:24 - 2013-11-24 15:02 - 00000000 ____D C:\ProgramData\Updater 2013-11-26 17:32 - 2013-11-26 17:32 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Malwarebytes 2013-11-26 17:31 - 2013-11-26 17:31 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-26 17:16 - 2011-04-25 08:44 - 00002078 _____ C:\Windows\system32\OSSService.log 2013-11-26 17:08 - 2008-03-11 19:33 - 00000000 ____D C:\Program Files\Online 2013-11-26 16:59 - 2013-11-26 16:58 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\IObit 2013-11-26 16:59 - 2013-11-26 16:58 - 00000000 ____D C:\Program Files\IObit 2013-11-26 16:48 - 2013-11-26 16:48 - 00000953 _____ 
C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-11-26 16:48 - 2013-11-12 16:57 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Opera Software 2013-11-26 16:48 - 2013-11-12 16:57 - 00000000 ____D C:\Users\Joerg\AppData\Local\Opera Software 2013-11-26 16:41 - 2010-10-29 21:53 - 00000000 ____D C:\ProgramData\FLEXnet 2013-11-26 16:41 - 2010-05-19 17:19 - 00000000 ____D C:\Program Files\Garmin 2013-11-26 16:41 - 2009-08-03 08:56 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\vlc 2013-11-26 16:41 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\spool 2013-11-26 16:41 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration 2013-11-26 16:28 - 2013-11-26 16:28 - 32823600 _____ (DVDVideoSoft Ltd. ) C:\Users\Joerg\Downloads\FreeAVIVideoConverter (1).exe 2013-11-24 17:11 - 2013-11-24 17:11 - 00000000 ____D C:\Users\Joerg\Documents\StreamTransport 2013-11-24 15:02 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\AppData\Local\Mobogenie 2013-11-24 15:02 - 2013-11-24 15:00 - 00000000 ____D C:\Program Files\Mobogenie 2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\Documents\Mobogenie 2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\AppData\Local\cache 2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 _____ C:\Users\Joerg\daemonprocess.txt 2013-11-24 10:23 - 2013-11-24 10:23 - 28289104 _____ (Any-Video-Converter.com ) C:\Users\Joerg\Downloads\avc-free.exe 2013-11-24 10:21 - 2013-11-24 10:21 - 00000000 ____D C:\Users\Joerg\Documents\Any Video Converter 2013-11-22 12:12 - 2011-04-17 10:39 - 00000000 ___HD C:\Users\Joerg\Documents\_SYNCAPP 2013-11-21 12:10 - 2013-11-21 12:10 - 00000000 ____D C:\ProgramData\PCSettings 2013-11-19 11:21 - 2009-10-02 17:50 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ZeroAccess: C:\Users\Joerg\AppData\Local\Google\Desktop\Install ZeroAccess: C:\Program Files\Google\Desktop\Install Some content of TEMP: ==================== 
C:\Users\Joerg\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
LastRegBack: 2013-12-18 15:54
==================== End Of Log ============================
--- --- ---
Once again, many thanks to you. Best regards, Jörg |
19.12.2013, 11:51 | #8 |
/// the machine /// TB trainer | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems remaining?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
20.12.2013, 03:58 | #9 |
| Hello Schrauber, here is the log.txt Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=03e8c24e840c4a4bba599967e5ea50f8 # engine=16328 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-12-19 01:56:54 # local_time=2013-12-19 02:56:54 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6001 NT Service Pack 1 # compatibility_mode=5892 16776574 100 100 33702454 224994142 0 0 # scanned=129871 # found=2 # cleaned=0 # scan_time=3693 sh=3C65E5AB5116DE604A72FA7C732C2254450F58C5 ft=1 fh=c71c0011afe11947 vn="a variant of Win32/AdWare.AddLyrics.X application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Show-Password\Show_Password.exe.vir" sh=81D0C707938C31C84803CE76C5FAC62F6B562D5B ft=1 fh=ffa31804069c5ed5 vn="a variant of Win32/AdWare.AddLyrics.Y application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Show-Password\Uninstall.exe.vir" ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=03e8c24e840c4a4bba599967e5ea50f8 # engine=16328 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-12-19 03:38:31 # local_time=2013-12-19 04:38:31 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6001 NT Service Pack 1 # compatibility_mode=5892 16776574 100 100 33712149 225000239 0 0 # scanned=253651 # found=2 # cleaned=0 # scan_time=6052 sh=3C65E5AB5116DE604A72FA7C732C2254450F58C5 ft=1 fh=c71c0011afe11947 vn="a variant of Win32/AdWare.AddLyrics.X application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Show-Password\Show_Password.exe.vir" sh=81D0C707938C31C84803CE76C5FAC62F6B562D5B ft=1 fh=ffa31804069c5ed5 vn="a variant of Win32/AdWare.AddLyrics.Y 
application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Show-Password\Uninstall.exe.vir" ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=03e8c24e840c4a4bba599967e5ea50f8 # engine=16331 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-12-19 10:03:35 # local_time=2013-12-19 11:03:35 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6001 NT Service Pack 1 # compatibility_mode=5892 16776574 100 100 33731655 225023343 0 0 # scanned=1082942 # found=2 # cleaned=0 # scan_time=23047 sh=3C65E5AB5116DE604A72FA7C732C2254450F58C5 ft=1 fh=c71c0011afe11947 vn="a variant of Win32/AdWare.AddLyrics.X application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Show-Password\Show_Password.exe.vir" sh=81D0C707938C31C84803CE76C5FAC62F6B562D5B ft=1 fh=ffa31804069c5ed5 vn="a variant of Win32/AdWare.AddLyrics.Y application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Show-Password\Uninstall.exe.vir" Code:
ATTFilter Results of screen317's Security Check version 0.99.77 Windows Vista Service Pack 1 x86 (UAC is enabled) Out of date service pack!! Internet Explorer 7 Out of date! ``````````````Antivirus/Firewall Check:`````````````` WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` AntiBrowserSpy Malwarebytes Anti-Malware Version 1.75.0.1300 TuneUp Utilities 2013 TuneUp Utilities Language Pack (de-DE) TuneUp Utilities 2013 TuneUp Utilities Language Pack (de-DE) CCleaner Java 7 Update 45 Java(TM) 6 Update 4 Java(TM) 6 Update 7 Adobe Flash Player 11.9.900.170 Adobe Reader 10.1.4 Adobe Reader out of Date! Mozilla Firefox 17.0.5 Firefox out of Date! Mozilla Thunderbird (24.1.1) Google Chrome 28.0.1500.95 Google Chrome 31.0.1650.57 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2013 Ran by Joerg (administrator) on DESKTOP on 20-12-2013 03:53:14 Running from C:\Users\Joerg\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 7 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe (REINER SCT) C:\Windows\System32\cjpcsc.exe (devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation) C:\Windows\ehome\ehsched.exe (IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (BUFFALO INC.) 
C:\Program Files\BUFFALO\NASNAVI\nassvc.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (X10) C:\Program Files\Common Files\X10\Common\X10nets.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe () I:\Program Files\JFritz\jfritz.exe (Oracle Corporation) C:\Program Files\Java\jre7\launch4j-tmp\jfritz.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Marek Jasinski - www.FreeCommander.com) C:\Program Files\Util\FreeCommander\FreeCommander.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe () C:\Users\Joerg\Desktop\SecurityCheck.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Microsoft Corporation) C:\Windows\System32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor) HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.) HKLM\...\Run: [NUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation) HKLM\...\Run: [RUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - KHALMNPR.EXE HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) 
HKLM\...\Policies\Explorer: [ShowDriveLettersFirst] 4 HKCU\...\Run: [SyncService] - C:\Program Files\SYNCING.NET\bin\SyncService.exe [1730144 2013-08-20] (ASBYTE) HKCU\...\Run: [AusweisApp] - C:\Program Files\AusweisApp\siqBootLoader.exe [2514560 2013-05-27] (OpenLimit SignCubes AG) HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1 HKCU\...\Policies\Explorer: [CDRAutoRun] 0 HKU\Carmen\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Carmen\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH) HKU\Carmen\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe HKU\Carmen\...\Policies\system: [LogonHoursAction] 2 HKU\Carmen\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Catherine-Sophie\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Catherine-Sophie\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent HKU\Catherine-Sophie\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe HKU\Catherine-Sophie\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.) 
HKU\Catherine-Sophie\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\Catherine-Sophie\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Catherine-Sophie\...\Policies\system: [LogonHoursAction] 2 HKU\Catherine-Sophie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\DEG\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent HKU\DEG\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\DEG\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\DEG\...\Policies\system: [LogonHoursAction] 2 HKU\DEG\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Dominik\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Dominik\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH) HKU\Dominik\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden HKU\Dominik\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.) 
HKU\Dominik\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\Dominik\...\RunOnce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_de;_rv:1.9.1.2)_Gecko/20090729_Firefox/3.5.2_(.NET_CLR_3.5.30729)" -"hxxp://www.nordsee-club24.de/blog/urlaub/kinder-und-jugendreisen/campus-nordsee-gaestehaus.html" HKU\Dominik\...\Policies\system: [LogonHoursAction] 2 HKU\Dominik\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Gast\...\Run: [BullGuard] - "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" HKU\Gast\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Gast\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH) HKU\Gast\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe HKU\Gast\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.) 
HKU\Gast\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\Gast\...\RunOnce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_de;_rv:1.9.1.2)_Gecko/20090729_Firefox/3.5.2_(.NET_CLR_3.5.30729)" -"hxxp://www.nordsee-club24.de/blog/urlaub/kinder-und-jugendreisen/campus-nordsee-gaestehaus.html" HKU\Gast\...\Policies\system: [LogonHoursAction] 2 HKU\Gast\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\UpdatusUser\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent HKU\UpdatusUser\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe HKU\UpdatusUser\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.) HKU\UpdatusUser\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\UpdatusUser\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\UpdatusUser\...\Policies\system: [LogonHoursAction] 2 HKU\UpdatusUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Lsa: [Authentication Packages] msv1_0 relog_ap Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie SearchScopes: HKLM - DefaultScope value is missing. BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.) BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: AusweisApp 1.8.0.0 - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program 
Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.) Toolbar: HKCU - No Name - {968631B6-4729-440D-9BF4-251F5593EC9A} - No File Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS949 - 
{CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File ShellExecuteHooks: CExecuteHook Object - {7B0E5486-E11D-437f-AC8B-7901C7D3FCCB} - C:\Program Files\SYNCING.NET\bin\ShellUI.dll [1198176 2013-08-20] (ASBYTE) Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\..\Interfaces\{5D24B219-8B75-42F7-B0E3-E3BA710ACB43}: [NameServer]192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887 FF Homepage: hxxp://www.ighome.com/?t=336956 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 - I:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @photodex.com/PhotodexPresenter - C:\Program Files\Photodex Presenter\npPxPlay.dll ( ) FF Plugin: @reiner-sct.com/OWOK,version=2.0.0.4 - C:\Program Files\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll (REINER Kartengeräte GmbH und Co. KG.) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\Multimedia\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Joerg\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Joerg\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.) FF Extension: Разпознаване на устройство Logitech - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\DeviceDetection@logitech.com FF Extension: FRITZ!Box AddOn - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\fb_add_on@avm.de FF Extension: Foxdie - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\Foxdie@tanjihay.com FF Extension: Foxdie (Graphite) - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\FoxdieGraphite@tanjihay.com FF Extension: Geolocater - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\geolocater@3liz.com FF Extension: KeeFox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\keefox@chris.tomlinson FF Extension: Youtube MP3 Podcaster - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com FF Extension: Forecastfox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} FF Extension: Garmin Communicator - 
C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} FF Extension: EPUBReader - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} FF Extension: Universal Print - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{BE2100B3-1D80-48eb-ACCF-D26750644378} FF Extension: Bitdefender QuickScan - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} FF Extension: Adblock Plus Pop-up Addon - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\adblockpopups@jessehakanen.net.xpi FF Extension: NASA Night Launch - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\nasanightlaunch@example.com.xpi FF Extension: 1-Click YouTube Video Downloader - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\YoutubeDownloader@PeterOlayev.com.xpi FF Extension: Integrated Inbox for Gmail & Google Apps - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi FF Extension: X-notifier - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi FF Extension: AddonFox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}.xpi FF Extension: Adblock Plus - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: DownThemAll! 
- C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [{4F3D26C8-9907-48ff-BC74-B8C572D317BF}] - C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win FF HKLM\...\Firefox\Extensions: [{4F0963A3-1658-4fde-9585-23A25CC288BF}] - C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win FF HKCU\...\Firefox\Extensions: [{a3490cb9-8f1a-4bc5-b1a7-6c2bc4b83424}] - C:\Program Files\Show-Password\136.xpi FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Online\Mozilla Firefox\firefox.exe Chrome: ======= CHR DefaultSearchKeyword: google.com CHR DefaultSearchProvider: Google CHR DefaultSearchURL: hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t CHR DefaultNewTabURL: CHR Plugin: (Photodex Presenter Plugin) - C:\Program Files\Photodex Presenter\npPxPlay.dll ( ) CHR Extension: (Show-Password) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\logekkkdbdidmmcgkonmmonclldogceg\1.136_0 CHR Extension: (Amazon-Icon) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0 CHR Extension: (Norton Identity Protection) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.1.4_0 CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Joerg\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_1 CHR Extension: (Google Wallet) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1 CHR HKLM\...\Chrome\Extension: [logekkkdbdidmmcgkonmmonclldogceg] - C:\Program Files\Show-Password\136.crx CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Joerg\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx CHR StartMenuInternet: Google Chrome - C:\Users\Joerg\AppData\Local\Google\Chrome\Application\chrome.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2007-08-31] (Acronis) S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated) R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation) S4 BotkindSyncService; I:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2013-10-10] () R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT) S4 CVPND; N:\Program Files\DEG\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.) R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3526136 2013-08-27] (devolo AG) S4 gupdate1c98625899d211c; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-03] (Google Inc.) S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2009-07-20] (Logitech, Inc.) R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-11-26] (IObit) R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251184 2008-07-11] (BUFFALO INC.) 
S4 Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG) S4 PMBDeviceInfoProvider; N:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation) S4 RemoteAccess; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation) S4 Rohos Disk; C:\Program Files\Rohos\agent.exe [813400 2012-08-24] (Tesline-Service SRL) S4 SN_Service; C:\Program Files\SYNCING.NET\bin\SN_Service.exe [32768 2013-05-03] (ASBYTE) S4 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH) S4 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] () R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1729336 2013-10-11] (TuneUp Software) S3 TwonkyProxy; C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe [545608 2012-05-03] () S3 TwonkyServer; C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe [541512 2012-05-03] (PacketVideo) S3 TwonkyWebDav; C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe [271176 2012-05-03] () R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) ==================== Drivers (Whitelisted) ==================== R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [1006816 2009-09-24] (NXP Semiconductors Germany GmbH) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-02-26] () R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) S3 camvid20; C:\Windows\System32\DRIVERS\camdrv21.sys [253909 2004-05-19] (Philips Components BU Imaging Solutions) R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation) S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT) S3 CVirtA; 
C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. ) S3 FNETTHJM; C:\Windows\System32\drivers\fnetthjm.sys [23936 2010-09-07] (FNet Co., Ltd.) S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.) S3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2007-10-15] (Intel Corporation) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-11-24] () S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [50560 2008-05-27] (Generic USB smartcard reader) R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [554496 2007-09-21] (Ralink Technology Corp.) R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2013-08-27] (CACE Technologies) R1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [77184 2004-03-09] (Protection Technology) R0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [65504 2004-03-09] (Protection Technology) R0 prosync1; C:\Windows\System32\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2013-07-01] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-07-01] () R2 RHDISK; C:\Program Files\Rohos\RHDISK.SYS [40960 2012-08-23] (Tesline-Service SRL) R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [80896 2012-05-10] (Renesas Electronics Corporation) R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [172032 2012-05-10] (Renesas Electronics Corporation) R0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [83320 2007-02-08] (Protection Technology (StarForce)) S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 
2011-01-27] (Silicon Laboratories) S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58496 2011-01-27] (Silicon Laboratories) S3 SIUSBXP; C:\Windows\System32\drivers\SiUSBXp.sys [14848 2009-03-09] (Silicon Laboratories) S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-09-28] () S3 StMp3Rec; C:\Windows\System32\Drivers\StMp3Rec.sys [19840 2007-06-15] (Generic) S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [27936 2008-07-15] (RapidSolution Software AG) R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368736 2008-03-29] (Acronis) R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44416 2008-03-29] (Acronis) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-08-28] (TuneUp Software) S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2010-07-07] (Texas Instruments) R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.) R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 GigasetGenericUSB; system32\DRIVERS\GigasetGenericUSB.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 PalmUSBD; system32\drivers\PalmUSBD.sys [x] S3 TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-20 03:53 - 2013-12-20 03:54 - 00031908 _____ C:\Users\Joerg\Desktop\FRST.txt 2013-12-20 03:51 - 2013-12-20 03:51 - 00001330 _____ C:\Users\Joerg\Desktop\checkup.txt 2013-12-19 20:27 - 2013-12-19 20:27 - 00000000 ____D C:\ProgramData\WindowsSearch 2013-12-19 13:53 - 2013-12-19 13:49 - 00891200 _____ C:\Users\Joerg\Desktop\SecurityCheck.exe 2013-12-19 13:53 - 2013-12-19 13:48 - 02347384 _____ (ESET) C:\Users\Joerg\Desktop\esetsmartinstaller_enu.exe 2013-12-18 17:51 - 2013-12-20 03:42 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-12-18 17:34 - 2013-12-18 17:48 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE 2013-12-18 17:34 - 2013-12-18 17:34 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat 2013-12-18 17:32 - 2013-12-18 17:32 - 00000000 ____D C:\RegBackup 2013-12-18 16:00 - 2013-12-18 16:00 - 00000000 ____D C:\Windows\ERUNT 2013-12-18 15:45 - 2013-12-18 18:11 - 00000000 ____D C:\AdwCleaner 2013-12-18 15:26 - 2013-12-18 15:26 - 00000618 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-18 15:25 - 2013-12-18 15:24 - 01226750 _____ C:\Users\Joerg\Desktop\adwcleaner.exe 2013-12-18 15:25 - 2013-12-18 15:24 - 01034531 _____ (Thisisu) C:\Users\Joerg\Desktop\JRT.exe 2013-12-17 18:14 - 2013-12-17 18:14 - 00027224 _____ 
C:\ComboFix.txt 2013-12-17 17:49 - 2013-12-17 18:14 - 00000000 ____D C:\ComboFix 2013-12-17 17:34 - 2013-12-17 18:13 - 00000000 ____D C:\Qoobox 2013-12-17 17:30 - 2013-12-17 16:04 - 05155004 ____R (Swearware) C:\Users\Joerg\Desktop\ComboFix.exe 2013-12-17 16:17 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2013-12-17 16:17 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2013-12-17 16:17 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-12-17 16:17 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-12-17 16:17 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-12-17 16:17 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2013-12-17 16:17 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2013-12-17 16:17 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2013-12-17 16:14 - 2013-12-17 18:11 - 00000000 ____D C:\Windows\erdnt 2013-12-16 16:10 - 2013-12-20 03:53 - 01325762 _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe 2013-12-16 16:10 - 2013-12-20 03:53 - 00000000 ____D C:\FRST 2013-12-15 19:28 - 2013-12-15 20:15 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\QuickScan 2013-12-15 19:14 - 2013-12-15 19:43 - 3133878462 _____ C:\avenger.txt 2013-12-15 09:58 - 2013-12-15 10:57 - 00001912 _____ C:\Windows\epplauncher.mif 2013-12-15 09:45 - 2013-12-19 13:50 - 00000392 ____H C:\Windows\Tasks\User_Feed_Synchronization-{792C0784-4E0D-417A-B5F3-2D5B5D6A4312}.job 2013-12-12 19:16 - 2013-12-12 19:15 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-12-12 19:16 - 2013-12-12 19:15 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-12-12 19:16 - 2013-12-12 19:15 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-12-12 19:16 - 2013-12-12 19:15 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-12-06 14:54 - 2013-12-06 14:55 - 00000000 ____D 
C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-12-06 14:54 - 2013-12-06 14:55 - 00000000 ____D C:\Program Files\iTunes 2013-12-06 14:54 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iPod 2013-12-03 17:56 - 2013-12-03 17:56 - 00000000 ____D C:\Users\Joerg\Neuer Ordner 2013-11-26 17:32 - 2013-11-26 17:32 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Malwarebytes 2013-11-26 17:31 - 2013-11-26 17:31 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-26 17:31 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-11-26 17:25 - 2013-10-31 09:35 - 00001136 _____ C:\Users\Joerg\Documents\indexfile.txt 2013-11-26 16:58 - 2013-12-18 15:49 - 00000000 ____D C:\ProgramData\ProductData 2013-11-26 16:58 - 2013-12-17 16:05 - 00000000 ____D C:\ProgramData\IObit 2013-11-26 16:58 - 2013-12-06 17:24 - 00001166 _____ C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2013-11-26 16:58 - 2013-11-26 16:59 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\IObit 2013-11-26 16:58 - 2013-11-26 16:59 - 00000000 ____D C:\Program Files\IObit 2013-11-26 16:48 - 2013-11-26 16:48 - 00000953 _____ C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-11-26 16:28 - 2013-11-26 16:28 - 32823600 _____ (DVDVideoSoft Ltd. 
) C:\Users\Joerg\Downloads\FreeAVIVideoConverter (1).exe 2013-11-24 17:11 - 2013-11-24 17:11 - 00000000 ____D C:\Users\Joerg\Documents\StreamTransport 2013-11-24 15:02 - 2013-11-26 18:24 - 00000000 ____D C:\ProgramData\Updater 2013-11-24 15:01 - 2013-11-24 15:02 - 00000000 ____D C:\Users\Joerg\AppData\Local\Mobogenie 2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\Documents\Mobogenie 2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\AppData\Local\cache 2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 _____ C:\Users\Joerg\daemonprocess.txt 2013-11-24 15:00 - 2013-11-24 15:02 - 00000000 ____D C:\Program Files\Mobogenie 2013-11-24 10:23 - 2013-11-24 10:23 - 28289104 _____ (Any-Video-Converter.com ) C:\Users\Joerg\Downloads\avc-free.exe 2013-11-24 10:21 - 2013-11-24 10:21 - 00000000 ____D C:\Users\Joerg\Documents\Any Video Converter 2013-11-21 12:10 - 2013-11-21 12:10 - 00000000 ____D C:\ProgramData\PCSettings ==================== One Month Modified Files and Folders ======= 2013-12-20 03:54 - 2013-12-20 03:53 - 00031908 _____ C:\Users\Joerg\Desktop\FRST.txt 2013-12-20 03:53 - 2013-12-16 16:10 - 01325762 _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe 2013-12-20 03:53 - 2013-12-16 16:10 - 00000000 ____D C:\FRST 2013-12-20 03:51 - 2013-12-20 03:51 - 00001330 _____ C:\Users\Joerg\Desktop\checkup.txt 2013-12-20 03:49 - 2006-11-02 11:33 - 01579272 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-20 03:45 - 2012-06-11 11:42 - 01316508 _____ C:\Windows\WindowsUpdate.log 2013-12-20 03:44 - 2012-02-21 16:36 - 00000000 ____D C:\Users\Joerg\.ausweisapp 2013-12-20 03:42 - 2013-12-18 17:51 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-12-20 03:42 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-20 03:42 - 2006-11-02 13:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-20 03:42 - 2006-11-02 13:47 - 00003344 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-19 23:50 - 2006-11-02 14:01 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-12-19 20:27 - 2013-12-19 20:27 - 00000000 ____D C:\ProgramData\WindowsSearch 2013-12-19 13:50 - 2013-12-15 09:45 - 00000392 ____H C:\Windows\Tasks\User_Feed_Synchronization-{792C0784-4E0D-417A-B5F3-2D5B5D6A4312}.job 2013-12-19 13:49 - 2013-12-19 13:53 - 00891200 _____ C:\Users\Joerg\Desktop\SecurityCheck.exe 2013-12-19 13:48 - 2013-12-19 13:53 - 02347384 _____ (ESET) C:\Users\Joerg\Desktop\esetsmartinstaller_enu.exe 2013-12-18 18:11 - 2013-12-18 15:45 - 00000000 ____D C:\AdwCleaner 2013-12-18 18:10 - 2012-06-10 09:36 - 00142992 _____ C:\Users\Joerg\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-18 17:51 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public 2013-12-18 17:50 - 2012-06-11 11:39 - 02438576 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-18 17:48 - 2013-12-18 17:34 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE 2013-12-18 17:34 - 2013-12-18 17:34 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat 2013-12-18 17:32 - 2013-12-18 17:32 - 00000000 ____D C:\RegBackup 2013-12-18 16:00 - 2013-12-18 16:00 - 00000000 ____D C:\Windows\ERUNT 2013-12-18 15:49 - 2013-11-26 16:58 - 00000000 ____D C:\ProgramData\ProductData 2013-12-18 15:26 - 2013-12-18 15:26 - 00000618 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-18 15:24 - 2013-12-18 15:25 - 01226750 _____ C:\Users\Joerg\Desktop\adwcleaner.exe 2013-12-18 15:24 - 2013-12-18 15:25 - 01034531 _____ (Thisisu) C:\Users\Joerg\Desktop\JRT.exe 2013-12-17 18:14 - 2013-12-17 18:14 - 00027224 _____ C:\ComboFix.txt 2013-12-17 18:14 - 2013-12-17 17:49 - 00000000 ____D C:\ComboFix 2013-12-17 18:13 - 2013-12-17 17:34 - 00000000 ____D C:\Qoobox 2013-12-17 18:11 - 2013-12-17 16:14 - 00000000 ____D C:\Windows\erdnt 2013-12-17 18:07 - 2006-11-02 11:23 - 00000215 _____ 
C:\Windows\system.ini 2013-12-17 18:07 - 2006-11-02 11:23 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts_bak_663 2013-12-17 18:04 - 2008-03-11 18:55 - 00000000 ____D C:\Users\Joerg 2013-12-17 18:04 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system 2013-12-17 17:28 - 2012-12-29 20:47 - 00000000 ____D C:\Users\Joerg\AppData\Local\CrashDumps 2013-12-17 16:26 - 2012-11-25 09:38 - 00000000 ____D C:\ProgramData\Norton 2013-12-17 16:05 - 2013-11-26 16:58 - 00000000 ____D C:\ProgramData\IObit 2013-12-17 16:04 - 2013-12-17 17:30 - 05155004 ____R (Swearware) C:\Users\Joerg\Desktop\ComboFix.exe 2013-12-15 20:15 - 2013-12-15 19:28 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\QuickScan 2013-12-15 20:13 - 2008-03-11 19:17 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Adobe 2013-12-15 19:43 - 2013-12-15 19:14 - 3133878462 _____ C:\avenger.txt 2013-12-15 19:14 - 2011-01-26 19:37 - 00000000 ____D C:\Windows\Sun 2013-12-15 18:05 - 2012-09-20 13:27 - 00000000 ____D C:\Program Files\TuneUp Utilities 2013 2013-12-15 17:22 - 2012-06-17 18:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-12-15 17:22 - 2011-06-23 09:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-12-15 17:22 - 2008-04-05 17:05 - 00000000 ____D C:\Program Files\Google 2013-12-15 16:32 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\LogFiles 2013-12-15 10:57 - 2013-12-15 09:58 - 00001912 _____ C:\Windows\epplauncher.mif 2013-12-15 09:32 - 2010-05-28 19:30 - 01056768 _____ C:\Windows\system32\defltbase.sdb 2013-12-13 20:20 - 2009-09-06 21:26 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Media Player Classic 2013-12-13 19:22 - 2008-04-23 18:40 - 00050688 _____ C:\Users\Joerg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-12-12 19:32 - 2008-03-12 20:38 - 00000000 ____D C:\Users\Joerg\AppData\Local\Adobe 2013-12-12 19:23 - 2010-10-29 20:10 - 00000000 ____D C:\Program Files\Common Files\Adobe 
2013-12-12 19:23 - 2007-10-10 12:05 - 00000000 ____D C:\Program Files\Adobe 2013-12-12 19:22 - 2007-10-10 12:06 - 00000000 ____D C:\ProgramData\Adobe 2013-12-12 19:17 - 2013-10-04 19:25 - 00000000 ____D C:\ProgramData\Oracle 2013-12-12 19:15 - 2013-12-12 19:16 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-12-12 19:15 - 2013-12-12 19:16 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-12-12 19:15 - 2013-12-12 19:16 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-12-12 19:15 - 2013-12-12 19:16 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-12-12 18:01 - 2012-07-10 08:41 - 00000000 ____D C:\Program Files\StarMoney 8.0 S-Edition 2013-12-12 17:49 - 2012-10-10 17:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-12-11 17:47 - 2007-10-10 11:37 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-11 17:44 - 2013-07-23 19:59 - 00000000 ____D C:\Windows\system32\MRT 2013-12-11 17:40 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-12-11 15:02 - 2013-10-09 09:49 - 00000000 ____D C:\Users\Carmen\AppData\Roaming\JFritz 2013-12-08 15:24 - 2012-11-18 18:24 - 00000000 ____D C:\Users\Joerg\AppData\Local\Rohos 2013-12-08 10:07 - 2008-03-12 18:52 - 00000000 ____D C:\Program Files\Astronomie 2013-12-08 10:00 - 2008-03-11 19:23 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Online 2013-12-08 09:56 - 2008-05-01 10:20 - 00000000 ____D C:\ProgramData\Skype 2013-12-08 09:54 - 2008-05-01 10:21 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Skype 2013-12-08 09:54 - 2008-03-11 19:22 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Util 2013-12-08 09:25 - 2009-05-31 16:17 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\KeePass 2013-12-07 09:40 - 2006-11-02 11:22 - 83361792 _____ C:\Windows\system32\config\SOFTWARE_tureg_old 2013-12-07 
09:40 - 2006-11-02 11:22 - 53215232 _____ C:\Windows\system32\config\SYSTEM_tureg_old 2013-12-07 09:40 - 2006-11-02 11:22 - 36069376 _____ C:\Windows\system32\config\COMPONENTS_tureg_old 2013-12-07 09:40 - 2006-11-02 11:22 - 00524288 _____ C:\Windows\system32\config\DEFAULT_tureg_old 2013-12-07 09:40 - 2006-11-02 11:22 - 00028672 _____ C:\Windows\system32\config\SECURITY_tureg_old 2013-12-06 18:13 - 2006-11-02 11:22 - 00204800 _____ C:\Windows\system32\config\SAM_tureg_old 2013-12-06 17:29 - 2011-12-05 19:51 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\MediaMonkey 2013-12-06 17:24 - 2013-11-26 16:58 - 00001166 _____ C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2013-12-06 14:55 - 2013-12-06 14:54 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-12-06 14:55 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iTunes 2013-12-06 14:54 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iPod 2013-12-06 14:54 - 2011-03-15 19:14 - 00000000 ____D C:\ProgramData\Apple Computer 2013-12-06 14:54 - 2011-03-15 19:09 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-12-05 19:23 - 2011-08-23 17:37 - 00002629 _____ C:\Users\Joerg\BT747SettingsJ2SE.pdb 2013-12-05 17:31 - 2011-08-22 12:27 - 00000000 ____D C:\Users\Joerg\Documents\ezTour_Workspace 2013-12-05 17:00 - 2007-10-09 15:23 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-12-04 18:23 - 2011-10-03 14:52 - 00000000 ____D C:\Users\Joerg\AppData\Local\Eye-Fi 2013-12-04 18:10 - 2011-10-03 14:52 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Eye-Fi 2013-12-03 17:56 - 2013-12-03 17:56 - 00000000 ____D C:\Users\Joerg\Neuer Ordner 2013-12-01 20:17 - 2008-03-14 17:45 - 00000000 ____D C:\Users\Joerg\Documents\Navigation 2013-11-27 15:54 - 2008-04-20 15:17 - 00000000 ____D C:\Users\Carmen\Documents\Eigene Dokumente 2013-11-26 19:49 - 2009-09-05 19:15 - 00000000 ____D C:\Windows\pss 2013-11-26 18:24 - 2013-11-24 15:02 - 00000000 ____D 
C:\ProgramData\Updater 2013-11-26 17:32 - 2013-11-26 17:32 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Malwarebytes 2013-11-26 17:31 - 2013-11-26 17:31 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-26 17:16 - 2011-04-25 08:44 - 00002078 _____ C:\Windows\system32\OSSService.log 2013-11-26 17:08 - 2008-03-11 19:33 - 00000000 ____D C:\Program Files\Online 2013-11-26 16:59 - 2013-11-26 16:58 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\IObit 2013-11-26 16:59 - 2013-11-26 16:58 - 00000000 ____D C:\Program Files\IObit 2013-11-26 16:48 - 2013-11-26 16:48 - 00000953 _____ C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-11-26 16:48 - 2013-11-12 16:57 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Opera Software 2013-11-26 16:48 - 2013-11-12 16:57 - 00000000 ____D C:\Users\Joerg\AppData\Local\Opera Software 2013-11-26 16:41 - 2010-10-29 21:53 - 00000000 ____D C:\ProgramData\FLEXnet 2013-11-26 16:41 - 2010-05-19 17:19 - 00000000 ____D C:\Program Files\Garmin 2013-11-26 16:41 - 2009-08-03 08:56 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\vlc 2013-11-26 16:41 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\spool 2013-11-26 16:41 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration 2013-11-26 16:28 - 2013-11-26 16:28 - 32823600 _____ (DVDVideoSoft Ltd. 
) C:\Users\Joerg\Downloads\FreeAVIVideoConverter (1).exe
2013-11-24 17:11 - 2013-11-24 17:11 - 00000000 ____D C:\Users\Joerg\Documents\StreamTransport
2013-11-24 15:02 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\AppData\Local\Mobogenie
2013-11-24 15:02 - 2013-11-24 15:00 - 00000000 ____D C:\Program Files\Mobogenie
2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\Documents\Mobogenie
2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\AppData\Local\cache
2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 _____ C:\Users\Joerg\daemonprocess.txt
2013-11-24 10:23 - 2013-11-24 10:23 - 28289104 _____ (Any-Video-Converter.com ) C:\Users\Joerg\Downloads\avc-free.exe
2013-11-24 10:21 - 2013-11-24 10:21 - 00000000 ____D C:\Users\Joerg\Documents\Any Video Converter
2013-11-22 12:12 - 2011-04-17 10:39 - 00000000 ___HD C:\Users\Joerg\Documents\_SYNCAPP
2013-11-21 12:10 - 2013-11-21 12:10 - 00000000 ____D C:\ProgramData\PCSettings
ZeroAccess: C:\Users\Joerg\AppData\Local\Google\Desktop\Install
ZeroAccess: C:\Program Files\Google\Desktop\Install
Some content of TEMP:
====================
C:\Users\Joerg\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-20 03:50
==================== End Of Log ============================
Thanks, and see you soon. Jörg |
20.12.2013, 17:52 | #10 |
/// the machine /// TB trainer | Zero.access.c is on my system, Vista SP1, and supposedly gone after cleanup?
Update Adobe, Firefox and Windows.
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
ATTFilter
ZeroAccess: C:\Users\Joerg\AppData\Local\Google\Desktop\Install
ZeroAccess: C:\Program Files\Google\Desktop\Install
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
A fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
20.12.2013, 19:28 | #11 |
| Zero.access.c is on my system, Vista SP1, and supposedly gone after cleanup? Hello Schrauber, now I'm completely lost. I wanted to work through your instructions, but got a few messages that "scare" me: My Adobe says that my key is invalid. Re-entered it - nothing happened. Okay, so I'll uninstall the package and reinstall it later. With Windows Update the following happens: according to the system information I have Vista SP1 installed (unfortunately I don't know how to post screenshots here in the forum). I wanted to update Vista, but I get a message from Windows Update: Quote: "Es konnte nicht nach Updates gesucht werden. Fehler bei der Suche nach neuen Updates für Ihren Computer. Fehler: Code 80096001 - Unbekannter Fehler bei Windows Update" End of quote. I downloaded SP2 from Microsoft in order to install it manually. The result is the message that I first have to install SP1 so that SP2 can be installed. As I said: according to the system info I have SP1. Here too I tried to install SP1 manually (anyway). Here the message comes up that SP1 is already installed. Would a repair with the Windows DVD help here? My Firefox was up to date. I have (temporarily) uninstalled my Norton. Here is a current FRST log anyway. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2013 02 Ran by Joerg (administrator) on DESKTOP on 20-12-2013 19:38:13 Running from C:\Users\Joerg\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 7 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe (REINER SCT) C:\Windows\System32\cjpcsc.exe (devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation) C:\Windows\ehome\ehsched.exe (IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (X10) C:\Program Files\Common Files\X10\Common\X10nets.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (OpenLimit SignCubes AG) C:\Program Files\AusweisApp\siqBootLoader.exe () I:\Program Files\JFritz\jfritz.exe (Oracle Corporation) C:\Program Files\Java\jre7\launch4j-tmp\jfritz.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor) HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.) 
HKLM\...\Run: [NUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation) HKLM\...\Run: [RUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - KHALMNPR.EXE HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Policies\Explorer: [ShowDriveLettersFirst] 4 HKCU\...\Run: [SyncService] - C:\Program Files\SYNCING.NET\bin\SyncService.exe [1730144 2013-08-20] (ASBYTE) HKCU\...\Run: [AusweisApp] - C:\Program Files\AusweisApp\siqBootLoader.exe [2514560 2013-05-27] (OpenLimit SignCubes AG) HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1 HKCU\...\Policies\Explorer: [CDRAutoRun] 0 HKU\Carmen\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Carmen\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH) HKU\Carmen\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe HKU\Carmen\...\Policies\system: [LogonHoursAction] 2 HKU\Carmen\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Catherine-Sophie\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Catherine-Sophie\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent HKU\Catherine-Sophie\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe HKU\Catherine-Sophie\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.) 
HKU\Catherine-Sophie\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\Catherine-Sophie\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Catherine-Sophie\...\Policies\system: [LogonHoursAction] 2 HKU\Catherine-Sophie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\DEG\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent HKU\DEG\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\DEG\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\DEG\...\Policies\system: [LogonHoursAction] 2 HKU\DEG\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Dominik\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Dominik\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH) HKU\Dominik\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden HKU\Dominik\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.) 
HKU\Dominik\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\Dominik\...\RunOnce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_de;_rv:1.9.1.2)_Gecko/20090729_Firefox/3.5.2_(.NET_CLR_3.5.30729)" -"hxxp://www.nordsee-club24.de/blog/urlaub/kinder-und-jugendreisen/campus-nordsee-gaestehaus.html" HKU\Dominik\...\Policies\system: [LogonHoursAction] 2 HKU\Dominik\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Gast\...\Run: [BullGuard] - "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" HKU\Gast\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Gast\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH) HKU\Gast\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe HKU\Gast\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.) 
HKU\Gast\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\Gast\...\RunOnce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_de;_rv:1.9.1.2)_Gecko/20090729_Firefox/3.5.2_(.NET_CLR_3.5.30729)" -"hxxp://www.nordsee-club24.de/blog/urlaub/kinder-und-jugendreisen/campus-nordsee-gaestehaus.html" HKU\Gast\...\Policies\system: [LogonHoursAction] 2 HKU\Gast\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\UpdatusUser\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent HKU\UpdatusUser\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe HKU\UpdatusUser\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.) HKU\UpdatusUser\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe HKU\UpdatusUser\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation) HKU\UpdatusUser\...\Policies\system: [LogonHoursAction] 2 HKU\UpdatusUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Lsa: [Authentication Packages] msv1_0 relog_ap Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie SearchScopes: HKLM - DefaultScope value is missing. BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: AusweisApp 1.8.0.0 - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {968631B6-4729-440D-9BF4-251F5593EC9A} - No File Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: 
{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: ica - 
{CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File ShellExecuteHooks: CExecuteHook Object - {7B0E5486-E11D-437f-AC8B-7901C7D3FCCB} - C:\Program Files\SYNCING.NET\bin\ShellUI.dll [1198176 2013-08-20] (ASBYTE) Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\..\Interfaces\{5D24B219-8B75-42F7-B0E3-E3BA710ACB43}: [NameServer]192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887 FF Homepage: hxxp://www.ighome.com/?t=336956 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 - I:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @photodex.com/PhotodexPresenter - C:\Program Files\Photodex Presenter\npPxPlay.dll ( ) FF Plugin: @reiner-sct.com/OWOK,version=2.0.0.4 - C:\Program Files\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll (REINER Kartengeräte GmbH und Co. KG.) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\Multimedia\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Joerg\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Joerg\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.) 
FF Extension: Разпознаване на устройство Logitech - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\DeviceDetection@logitech.com FF Extension: FRITZ!Box AddOn - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\fb_add_on@avm.de FF Extension: Foxdie - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\Foxdie@tanjihay.com FF Extension: Foxdie (Graphite) - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\FoxdieGraphite@tanjihay.com FF Extension: Geolocater - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\geolocater@3liz.com FF Extension: KeeFox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\keefox@chris.tomlinson FF Extension: Youtube MP3 Podcaster - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com FF Extension: Forecastfox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} FF Extension: Garmin Communicator - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} FF Extension: EPUBReader - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} FF Extension: Universal Print - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{BE2100B3-1D80-48eb-ACCF-D26750644378} FF Extension: Bitdefender QuickScan - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} FF Extension: Adblock Plus Pop-up Addon - 
C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\adblockpopups@jessehakanen.net.xpi FF Extension: NASA Night Launch - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\nasanightlaunch@example.com.xpi FF Extension: 1-Click YouTube Video Downloader - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\YoutubeDownloader@PeterOlayev.com.xpi FF Extension: TweakTube - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed}.xpi FF Extension: Integrated Inbox for Gmail & Google Apps - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi FF Extension: X-notifier - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi FF Extension: AddonFox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}.xpi FF Extension: Adblock Plus - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: DownThemAll! 
- C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [{4F3D26C8-9907-48ff-BC74-B8C572D317BF}] - C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win FF HKLM\...\Firefox\Extensions: [{4F0963A3-1658-4fde-9585-23A25CC288BF}] - C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win FF HKCU\...\Firefox\Extensions: [{a3490cb9-8f1a-4bc5-b1a7-6c2bc4b83424}] - C:\Program Files\Show-Password\136.xpi FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Online\Mozilla Firefox\firefox.exe Chrome: ======= CHR DefaultSearchKeyword: google.com CHR DefaultSearchProvider: Google CHR DefaultSearchURL: hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t CHR DefaultNewTabURL: CHR Plugin: (Photodex Presenter Plugin) - C:\Program Files\Photodex Presenter\npPxPlay.dll ( ) CHR Extension: (Show-Password) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\logekkkdbdidmmcgkonmmonclldogceg\1.136_0 CHR Extension: (Amazon-Icon) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0 CHR Extension: (Norton Identity Protection) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.1.4_0 CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Joerg\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_1 CHR Extension: (Google Wallet) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1 CHR HKLM\...\Chrome\Extension: [logekkkdbdidmmcgkonmmonclldogceg] - C:\Program Files\Show-Password\136.crx CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Joerg\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx CHR StartMenuInternet: Google Chrome - C:\Users\Joerg\AppData\Local\Google\Chrome\Application\chrome.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2007-08-31] (Acronis) R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation) S4 BotkindSyncService; I:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2013-10-10] () R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT) S4 CVPND; N:\Program Files\DEG\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.) R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3526136 2013-08-27] (devolo AG) S4 gupdate1c98625899d211c; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-03] (Google Inc.) S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2009-07-20] (Logitech, Inc.) R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-11-26] (IObit) R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251184 2008-07-11] (BUFFALO INC.) 
S4 Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG) S4 PMBDeviceInfoProvider; N:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation) S4 RemoteAccess; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation) S4 Rohos Disk; C:\Program Files\Rohos\agent.exe [813400 2012-08-24] (Tesline-Service SRL) S4 SN_Service; C:\Program Files\SYNCING.NET\bin\SN_Service.exe [32768 2013-05-03] (ASBYTE) S4 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH) S4 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] () R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1729336 2013-10-11] (TuneUp Software) S3 TwonkyProxy; C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe [545608 2012-05-03] () S3 TwonkyServer; C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe [541512 2012-05-03] (PacketVideo) S3 TwonkyWebDav; C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe [271176 2012-05-03] () R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) ==================== Drivers (Whitelisted) ==================== R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [1006816 2009-09-24] (NXP Semiconductors Germany GmbH) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-02-26] () R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) S3 camvid20; C:\Windows\System32\DRIVERS\camdrv21.sys [253909 2004-05-19] (Philips Components BU Imaging Solutions) R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation) S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT) S3 CVirtA; 
ZeroAccess: C:\Users\Joerg\AppData\Local\Google\Desktop\Install
ZeroAccess: C:\Program Files\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\Joerg\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-20 18:56

==================== End Of Log ============================

Can you help me further? A huge thank-you to you in advance.
Best regards, Jörg
Edited by Joetra (20.12.2013 at 19:46) |
21.12.2013, 16:21 | #12 | |
/// the machine /// TB instructor | Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
21.12.2013, 16:44 | #13 |
| Hi, unfortunately the repair (System Restore) does not work. Do you perhaps have another idea? (If at all possible, without a reinstall.) But I fear .... Christmas will be spent differently than planned :-( See you soon, Jörg |
22.12.2013, 07:15 | #14 | |
/// the machine /// TB instructor | Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
22.12.2013, 08:24 | #15 |
| Good morning Schrauber, hmm, a good question. When I start the recovery DVD, System Restore is offered to me under the repair options. Is there another way to do the repair? Thanks. Jörg |