Log analysis and evaluation: Windows 7: Firefox is attacked by rvzr-a.akamaihd.net, followed by <... more>

#1
... more: fastdailyfind.com, onlinewebfind.com and interyield.jmp9.com

Preliminary remark: In the programs that I was supposed to download and run in preparation, the download of FreeYouTubeToMP3Converter_3.12.16.1030.exe was listed every time. I think and hope that the problem and also the way to remove it are known, that I only have to follow your instructions, and that my details are merely confirmation. Nevertheless I am giving you all the requested information so that my request is not deleted beforehand.

Description of the error: No matter how a web page is opened, the trojan (it is my assumption that it is a trojan) consists of a second Firefox window being opened immediately after the desired first window opens, in exactly the same size and position as the first, one that completely covers the first. In doing so, usually the URL h**p://rvzr-a.akamaihd.net (U1), which usually appears first, or not at all, is loaded into a new instance of Firefox (now version 27.0.1, but also 26.0), while the subsequent URLs h**p://fastdailyfind.com (U2), h**p://onlinewebfind.com (U3) are loaded in arbitrary order into new tabs. U1 is stopped by WOT [Image: WOT classification]; the others wait for their page, which however is not found. It seems that U1 predominantly appears when the desired page is a login page. In the rare cases in which none of the URLs were called immediately, this also does not happen after waiting longer.

A further observation, not a further error: The Windows gadget "CPU-Nutzung" [Image: CPU load gadget] often shows high load (sometimes over 100%) and memory usage, the laptop (Medion Akoya MD 96970, bought with VISTA, then upgrade) gets hot at the front left, the fan runs at full speed, but the Task Manager shows nothing conspicuous. After a while the spook is over: silence, coolness, small readings, and the computer runs faster again.

History: On 24.11.13 the error occurred for the first time; I had these downloads at that time:

[Image: list of downloaded *.exe]

24.11.2013 10:04 FreeYouTubeToMP3Converter_3.12.16.1030.exe
24.11.2013 17:07 Setup.exe
24.11.2013 17:07 SecurityTaskManager_Setup.exe
24.11.2013 17:16 SecurityTaskManager_Setup-1.8d
[Image: comment on mbar-1.07.0.1007.exe]
26.11.2013 00:35 mbar-1.07.0.1007.exe
26.11.2013 02:22 explorer.exe
27.11.2013 10:26 systemexplorersetup_422.exe
27.11.2013 10:58 vtuploader2.0.exe
29.11.2013 21:43 Anti-Bundestrojaner.zip
29.11.2013 21:45 Passwort-Verschluesselungstool.zip
29.11.2013 22:58 passwordscan_setup.exe
29.11.2013 23:08 passwordscan_german.zip
11.12.2013 15:57 uDoM.exe

The latter was given this name by me and is originally rkill.exe. [Image: comment on the renamed rkill.exe]

There were a few more programs, Malwarebytes Anti-Malware, Spybot (the good one), which I have however deleted again in the meantime. Because of other faults on my PC I could not finish my normal work earlier, nor postpone it any longer, which is why I can only now attend to removing the "trojans" again. The problems that set me back were:

*** A bug in OpenOffice 3.0, because of which I had the graphics card replaced. It turned out that the bug was only fixed in Apache 4.1; the replacement was unnecessary.

*** Driver and driver-installation errors with NVIDIA drivers. The NVIDIA graphics driver that had to be reloaded after the replacement did not run with the chip, but that only became apparent after a long time. In 2013 NVIDIA did not supply a driver that matched the graphics card, yet all of them installed without complaint. Only in November was I able to identify the last of the old drivers (306.23, date: 30.08.2012, version: 9.18.13.623), with which the graphics card now runs.

Hardware description: [Image: CPU properties]

Also attached are the tabs of the running program CPU-Z.0.7.7.exe, as well as the report generated at the press of a button, which I named CPU Report von UDO-PC.txt, and likewise the file GPU-Z Sensor Log.txt. I have placed them at the end because I do not expect any information relevant to the problem from them.

Compiled information

Step 1: Unfortunately I made a mistake here: I started defogger with a left double-click, because at first I had read only this one line and wanted to carry it out. Promptly I got defogger_disable.log as output. Whether a *.txt would otherwise have been output is not stated in the description. But since it also says there that defogger_disable.exe should not be run several times, because both ways of finishing are not permitted, I left it at the one time.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:35 on 21/03/2014 (Udo)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

In addition, I would like to ask you whether I should stay with the formal "Sie" form of address or switch to the almost universal "Du" form of the Trojaner-Board.

Code:
Rkill 2.6.3 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
hxxp://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/22/2014 07:14:30 AM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:
* No malware services found to stop.

Checking for processes to terminate:
* No malware processes found to kill.

Checking Registry for malware related settings:
* Advanced Explorer Setting Removed: HideIcons [HKCU]

Backup Registry file created at:
C:\Users\Udo\Desktop\rkill\rkill-03-22-2014-07-14-34.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
* Windows Firewall Disabled
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:
* No issues found.

Searching for Missing Digital Signatures:
* No issues found.

Checking HOSTS File:
* No issues found.

Program finished at: 03/22/2014 07:17:27 AM
Execution time: 0 hours(s), 2 minute(s), and 57 seconds(s)

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Udo (administrator) on UDO-PC on 21-03-2014 15:54:03 Running from F:\Downloads Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (LG Electronics) C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\Dual Package.exe () C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\TestDDCCI.exe () C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\TestDDCCI.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\stpass.exe (Ulead Systems, Inc.) 
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Apache Software Foundation) C:\Program Files\OpenOffice 4\program\swriter.exe (Apache Software Foundation) C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) C:\Program Files\OpenOffice 4\program\soffice.bin (Microsoft Corporation) C:\Windows\system32\prevhost.exe (Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Microsoft Corporation) C:\Windows\system32\taskmgr.exe (Dominik Reichl) C:\Program Files\KeePass Password Safe 2\KeePass.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe () C:\Program Files\FastStone Capture\FSCapture.exe (Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files\WinZipper\WinZipper.exe (CPUID) C:\Users\Udo\AppData\Local\Temp\WzE2C40.tmp\cpuz_x32.exe (Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files\WinZipper\WinZipper.exe (Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files\WinZipper\WinZipper.exe (techPowerUp (www.techpowerup.com)) C:\Program Files\GPU-Z\GPU-Z.exe (Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files\WinZipper\WinZipper.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.) 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [KeePass 2 PreLoad] - C:\Program Files\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1557800 2011-08-10] (Synaptics Incorporated) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM\...\Run: [Ulead AutoDetector v2] - C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2006-11-29] (Ulead Systems, Inc.) HKU\S-1-5-21-1941973716-3639889936-670227862-1001\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) HKU\S-1-5-21-1941973716-3639889936-670227862-1001\...\Run: [] - [X] HKU\S-1-5-21-1941973716-3639889936-670227862-1001\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia) HKU\S-1-5-21-1941973716-3639889936-670227862-1001\...\MountPoints2: E - E:\auvisio.exe HKU\S-1-5-21-1941973716-3639889936-670227862-1001\...\MountPoints2: {0d9da974-de3a-11e2-9802-001f160450d2} - E:\AutoRun.exe HKU\S-1-5-21-1941973716-3639889936-670227862-1001\...\MountPoints2: {70550e18-16eb-11e2-aea2-001f160450d2} - P:\AutoRun.exe HKU\S-1-5-21-1941973716-3639889936-670227862-1008\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) HKU\S-1-5-21-1941973716-3639889936-670227862-1008\...\Run: [] - [X] 
HKU\S-1-5-21-1941973716-3639889936-670227862-1008\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia) HKU\S-1-5-21-1941973716-3639889936-670227862-1008\...\MountPoints2: E - E:\auvisio.exe HKU\S-1-5-21-1941973716-3639889936-670227862-1008\...\MountPoints2: {0d9da974-de3a-11e2-9802-001f160450d2} - E:\AutoRun.exe HKU\S-1-5-21-1941973716-3639889936-670227862-1008\...\MountPoints2: {70550e18-16eb-11e2-aea2-001f160450d2} - P:\AutoRun.exe ==================== Internet (Whitelisted) ==================== ProxyServer: http=;ftp=;https=; HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA3F7D62C03B5CB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000BEVT-00A0RT0_WD-WXB1A70N0629N0629&ts=1373034736 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000BEVT-00A0RT0_WD-WXB1A70N0629N0629&ts=1373034736 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000BEVT-00A0RT0_WD-WXB1A70N0629N0629&ts=1373034736 URLSearchHook: HKLM - (No Name) - {b106b661-3e1b-4015-af5c-195e909f35c6} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=WDCXWD5000BEVT-00A0RT0_WD-WXB1A70N0629N0629&ts=1370926261 SearchScopes: HKLM - DefaultScope 
{D837C64E-FD55-4E85-BB04-F12B10DA177D} URL = SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=DE&userid=9a554a25-9491-2cd8-8c3e-add42334deb9&searchtype=ds&q={searchTerms}&installDate=05/11/2013 SearchScopes: HKCU - DefaultScope {E8B33161-42D7-4C9D-935E-0AC9DA5B6DD4} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=ecdb9d5e000000000000001f160450d2&r=34 SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=DE&userid=9a554a25-9491-2cd8-8c3e-add42334deb9&searchtype=ds&q={searchTerms}&installDate=05/11/2013 SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://inboxtoolbar.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80760&lng=de SearchScopes: HKCU - {D837C64E-FD55-4E85-BB04-F12B10DA177D} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317893&CUI=UN16483182471822128&UM=2 SearchScopes: HKCU - {E8B33161-42D7-4C9D-935E-0AC9DA5B6DD4} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=ecdb9d5e000000000000001f160450d2&r=34 BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - No File BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} 
- C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: No Name - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKCU - No Name - {66BD2442-241B-44CD-8C7A-B51037053CDB} - No File Toolbar: HKCU - No Name - {B106B661-3E1B-4015-AF5C-195E909F35C6} - No File DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} hxxp://dizun95pzobbc.cloudfront.net/VBIMDPlayer.CAB DPF: {32E7B36C-7960-4A42-B83B-D8AFD0AAEF2B} hxxp://dizun95pzobbc.cloudfront.net/INDBrowser.CAB Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Udo\AppData\Roaming\Mozilla\Firefox\C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1941973716-3639889936-670227862-1001\FireFox FF Plugin: 
@adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @kaspersky.com/Kaspersky PURE - C:\PROGRA~1\KASPER~1\KASPER~1.0\KASPER~2\npkpmAutofill.dll (Kaspersky Lab) FF Plugin HKCU: @kaspersky.com/Password Manager - C:\Program Files\Kaspersky Lab\Kaspersky Password Manager\npkpmAutofill.dll No File FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdjvu.dll (Caminova, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2013-11-16] FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013-11-16] FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-06-11] FF HKLM\...\Firefox\Extensions: [{ee8cd9f6-dae3-4889-816b-99fe80dae284}] - C:\Program Files\WinSecurity\winsecurity.xpi FF Extension: WinSecurity - C:\Program 
Files\WinSecurity\winsecurity.xpi [2013-08-27] FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2013-12-28] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-28] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2013-12-28] FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2013-12-28] FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2013-12-28] FF HKCU\...\Firefox\Extensions: [{72CA2996-F580-47DF-98FF-0B853D09CEC8}] - C:\Users\Udo\AppData\Roaming\Kaspersky Lab\Password Manager\kpmAutofill FF Extension: Password Manager plugin - C:\Users\Udo\AppData\Roaming\Kaspersky Lab\Password Manager\kpmAutofill [2013-12-28] FF HKCU\...\Thunderbird\Extensions: [{72CA2996-F580-47DF-98FF-0B853D09CEC8}] - C:\Users\Udo\AppData\Roaming\Kaspersky Lab\Password Manager\kpmAutofill FF Extension: Password Manager plugin - C:\Users\Udo\AppData\Roaming\Kaspersky Lab\Password Manager\kpmAutofill [2013-12-28] ========================== Services 
(Whitelisted) ================= R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) S4 AvrcpService; C:\Program Files\REALTEK\Realtek Bluetooth\AvrcpService.exe [25088 2012-12-26] (Realtek Semiconductor Corporation) R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.) S4 BTDevManager; C:\Program Files\REALTEK\Realtek Bluetooth\BTDevMgr.exe [31744 2012-12-07] () R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch) S4 Dyn Updater; C:\Program Files\DynDNS Updater\DynUpSvc.exe [95608 2011-11-15] (Dyn, Inc.) R2 HFGService; C:\Windows\System32\HFGService.dll [413696 2009-12-21] (CSR, plc) S4 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S4 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S4 RtkBleServ; C:\Program Files\REALTEK\Realtek Bluetooth\RtkBleServ.exe [30208 2012-12-07] (Realtek Semiconductor Corporation) S4 RXAPI; C:\Program Files\ooRexx\rxapi.exe [95744 2010-12-05] (Rexx Language Association) S4 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-28] (Ulead Systems, Inc.) S4 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [424104 2013-06-20] (Taiwan Shui Mu Chih Ching Technology Limited.) S4 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [522040 2013-02-08] (Wacom Technology, Corp.) 
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] ==================== Drivers (Whitelisted) ==================== R3 BthAudioHF; C:\Windows\System32\drivers\RtkHfp.sys [75920 2012-11-09] (Realtek Semiconductor Corporation) S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc) R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2011-06-02] (Infowatch) S3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [61952 2009-12-21] (CSR, plc) R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39736 2011-06-02] (Infowatch) S3 DCamUSBSTK013; C:\Windows\System32\DRIVERS\STK013W2.sys [99476 2004-08-04] (Syntek Ltd.) S3 emAudio; C:\Windows\System32\drivers\emAudio.sys [25600 2011-10-06] (eMPIA Technology, Inc.) S3 Gigusb; C:\Windows\System32\Drivers\Gigusb.sys [46921 2001-05-31] (Siemens AG) R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2014-03-21] (REALiX(tm)) R3 i8042HDR; C:\Windows\System32\DRIVERS\i8042HDR.sys [13224 2011-08-10] (Chicony) S3 IUAPIWDM; C:\Windows\System32\DRIVERS\IUAPIWDM.sys [49344 2001-05-16] (SIEMENS AG) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-11-11] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [595552 2013-11-11] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-11-11] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-11-11] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-11-11] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-11-11] (Kaspersky Lab ZAO) S3 LGDDCDevice; C:\Windows\system32\LGI2CDriver.sys [16384 2010-08-04] (LG Soft India) S3 LGII2CDevice; C:\Windows\system32\LGPII2CDriver.sys [19968 2011-02-11] () S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] 
(Malwarebytes Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.) R3 RtkA2dp; C:\Windows\System32\drivers\RtkA2dp.sys [148112 2012-11-06] (Realtek Semiconductor Corporation) R3 RtkAvrcp; C:\Windows\System32\DRIVERS\RtkAvrcp.sys [51984 2012-11-06] (Realtek Semiconductor Corporation) R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [437904 2012-12-06] (Realtek Semiconductor Corporation) R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [212520 2009-02-05] (Silicon Image, Inc) S3 siellif; C:\Windows\System32\Drivers\siellif.sys [98331 2001-06-05] (Siemens AG) R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17064 2009-02-05] (Silicon Image, Inc.) S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2011-01-27] (Silicon Laboratories) S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58496 2011-01-27] (Silicon Laboratories) R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12200 2009-02-05] (Silicon Image, Inc.) S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1521544 2010-04-16] (Syntek) S3 UCharger; C:\Windows\System32\Drivers\UCharger.sys [13765 2007-05-15] () S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [476288 2007-08-08] (eMPIA Technology, Inc.) S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [38656 2007-08-08] (eMPIA Technology, Inc.) R3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13296 2012-12-20] (Wacom Technology) R3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [19456 2010-02-08] (WiFi Media Connect) R3 cpuz136; \??\C:\Users\Udo\AppData\Local\Temp\cpuz136\cpuz136_x32.sys [X] S3 esgiguard; No ImagePath U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [102784 2010-07-27] (Huawei Technologies Co., Ltd.) 
R3 GPU-Z; \??\C:\Users\Udo\AppData\Local\Temp\GPU-Z.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-11-11] (Kaspersky Lab ZAO)
S1 MpKsl53637a02; No ImagePath
S1 MpKsl543ed90e; No ImagePath
S3 Ser2pl; system32\DRIVERS\ser2pl.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-21 15:46 - 2014-03-21 15:54 - 00000000 ____D () C:\FRST
2014-03-21 15:35 - 2014-03-21 15:35 - 00000000 _____ () C:\Users\Udo\defogger_reenable
2014-03-21 10:26 - 2014-03-21 10:26 - 00022688 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO32.SYS
2014-03-21 10:07 - 2014-03-21 10:07 - 00000000 ____D () C:\Users\Udo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2014-03-21 10:07 - 2014-03-21 10:07 - 00000000 ____D () C:\Program Files\GPU-Z
2014-03-17 05:32 - 2014-03-17 05:32 - 00002068 _____ () C:\Users\Public\Desktop\PhotoImpact 12.lnk
2014-03-17 05:26 - 2006-07-22 19:37 - 00049152 ____N (Blue Sky Software Corporation.) C:\Windows\system32\INETWH32.dll
2014-03-17 05:26 - 1999-10-15 12:50 - 01056768 ____N (Blue Sky Software Corporation.) C:\Windows\system32\ROBOEX32.DLL
2014-03-17 05:13 - 2014-03-17 05:13 - 00000504 _____ () C:\Windows\PFRO.log
2014-03-16 22:40 - 2014-03-16 22:40 - 00000000 ____D () C:\Users\Udo\HDR Projects
2014-03-16 21:25 - 2014-03-16 21:26 - 00001588 _____ () C:\Windows\debugrcfile.ini
2014-03-16 20:44 - 2014-03-16 20:44 - 00001158 _____ () C:\Users\Public\Desktop\HDR Projects elements (32-Bit).lnk
2014-03-16 18:58 - 2014-03-16 18:58 - 00000955 _____ () C:\Users\Public\Desktop\Cutout 3.lnk
2014-03-16 18:58 - 2007-05-25 14:57 - 00061440 _____ () C:\Windows\system32\CIUtils.dll
2014-03-16 18:37 - 2014-03-16 20:44 - 00000000 ____D () C:\Program Files\Franzis
2014-03-13 21:43 - 2014-03-16 12:55 - 00000000 ____D () C:\FBBM
2014-03-12 15:16 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 15:16 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 15:16 - 2014-03-01 05:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 15:16 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 15:16 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 15:16 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 15:16 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 15:16 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 15:16 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 15:16 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 15:16 - 2014-03-01 04:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 15:16 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 15:16 - 2014-03-01 04:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 15:16 - 2014-03-01 04:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 15:16 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 15:16 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 15:16 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 15:16 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 15:16 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 15:16 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 15:16 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 15:16 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 15:15 - 2014-02-07 02:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 15:15 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 15:15 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 15:15 - 2014-01-28 03:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 15:10 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-03 06:11 - 2014-03-17 07:04 - 00129776 _____ () C:\Users\Udo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-03 06:07 - 2014-03-17 05:13 - 00000896 _____ () C:\Windows\setupact.log
2014-03-03 06:07 - 2014-03-13 09:50 - 00510328 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-03 06:07 - 2014-03-03 06:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-23 22:21 - 2014-02-23 22:28 - 00014745 _____ () C:\Users\Udo\Desktop\A1-Notizen.ods
2014-02-23 18:24 - 2014-02-23 18:24 - 00000656 _____ () C:\Users\Udo\Desktop\Total Commander.lnk
2014-02-22 00:39 - 2014-02-22 00:39 - 00001107 _____ () C:\Users\Public\Desktop\SystemTweaker.lnk
2014-02-21 15:56 - 2014-02-21 15:56 - 00000022 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.zip
2014-02-21 15:18 - 2014-02-22 10:04 - 00000000 ____D () C:\Users\Udo\AppData\Roaming\systweak
2014-02-21 15:18 - 2014-01-03 13:16 - 00018776 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot.exe
2014-02-21 12:31 - 2014-03-13 20:09 - 00001143 _____ () C:\Users\Udo\Desktop\onlineTV 10.lnk
2014-02-21 12:31 - 2014-02-21 12:31 - 00000000 ____D () C:\Users\Udo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\concept design
2014-02-21 12:31 - 2014-02-21 12:31 - 00000000 ____D () C:\Users\Udo\AppData\Roaming\concept design
2014-02-21 12:31 - 2014-02-21 12:31 - 00000000 ____D () C:\Program Files\concept design

==================== One Month Modified Files and Folders =======

2014-03-21 15:54 - 2014-03-21 15:46 - 00000000 ____D () C:\FRST
2014-03-21 15:35 - 2014-03-21 15:35 - 00000000 _____ () C:\Users\Udo\defogger_reenable
2014-03-21 15:35 - 2011-01-15 21:34 - 00000000 ____D () C:\Users\Udo
2014-03-21 15:31 - 2012-04-12 19:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-21 15:30 - 2012-01-23 15:59 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-21 15:30 - 2012-01-23 15:59 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-21 15:28 - 2013-10-10 06:08 - 00153600 ___SH () C:\Users\Udo\Desktop\Thumbs.db
2014-03-21 15:17 - 2013-03-23 14:19 - 01688721 _____ () C:\Windows\WindowsUpdate.log
2014-03-21 10:34 - 2011-12-27 22:21 - 00000000 ____D () C:\Program Files\HWiNFO32
2014-03-21 10:26 - 2014-03-21 10:26 - 00022688 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO32.SYS
2014-03-21 10:08 - 2013-12-19 12:43 - 00000000 ____D () C:\Users\Udo\AppData\Roaming\NVIDIA
2014-03-21 10:07 - 2014-03-21 10:07 - 00000000 ____D () C:\Users\Udo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2014-03-21 10:07 - 2014-03-21 10:07 - 00000000 ____D () C:\Program Files\GPU-Z
2014-03-21 09:37 - 2009-07-14 05:34 - 00015344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-21 09:37 - 2009-07-14 05:34 - 00015344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-20 14:14 - 2013-08-07 13:26 - 00000000 ____D () C:\Program Files\QuickPCOptimizer
2014-03-20 13:48 - 2013-02-09 12:56 - 00000000 ____D () C:\Users\Udo\AppData\Roaming\KeePass
2014-03-20 08:27 - 2013-12-11 14:14 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-19 06:35 - 2013-08-23 16:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 06:23 - 2011-01-15 21:29 - 01657312 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-19 06:18 - 2011-01-15 22:26 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 23:31 - 2011-01-15 23:48 - 00000000 ____D () C:\Bridge Base Online
2014-03-17 22:56 - 2011-01-17 23:56 - 00000000 ____D () C:\Users\Udo\AppData\Roaming\Skype
2014-03-17 07:28 - 2012-04-12 19:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-17 07:28 - 2011-07-10 14:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-17 07:28 - 2011-01-16 00:24 - 00000000 ____D () C:\Users\Udo\AppData\Local\Adobe
2014-03-17 07:04 - 2014-03-03 06:11 - 00129776 _____ () C:\Users\Udo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-17 05:32 - 2014-03-17 05:32 - 00002068 _____ () C:\Users\Public\Desktop\PhotoImpact 12.lnk
2014-03-17 05:26 - 2011-01-20 14:40 - 00000000 ____D () C:\Program Files\Ulead Systems
2014-03-17 05:26 - 2011-01-20 14:40 - 00000000 ____D () C:\Program Files\Common Files\Ulead Systems
2014-03-17 05:26 - 2011-01-17 15:46 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-17 05:14 - 2011-11-18 14:42 - 00000328 _____ () C:\Windows\Tasks\RegistryBooster.job
2014-03-17 05:13 - 2014-03-17 05:13 - 00000504 _____ () C:\Windows\PFRO.log
2014-03-17 05:13 - 2014-03-03 06:07 - 00000896 _____ () C:\Windows\setupact.log
2014-03-17 05:13 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-16 22:40 - 2014-03-16 22:40 - 00000000 ____D () C:\Users\Udo\HDR Projects
2014-03-16 21:26 - 2014-03-16 21:25 - 00001588 _____ () C:\Windows\debugrcfile.ini
2014-03-16 20:44 - 2014-03-16 20:44 - 00001158 _____ () C:\Users\Public\Desktop\HDR Projects elements (32-Bit).lnk
2014-03-16 20:44 - 2014-03-16 18:37 - 00000000 ____D () C:\Program Files\Franzis
2014-03-16 18:58 - 2014-03-16 18:58 - 00000955 _____ () C:\Users\Public\Desktop\Cutout 3.lnk
2014-03-16 18:00 - 2011-10-25 22:17 - 00000000 ____D () C:\Users\Udo\AppData\Roaming\XnView
2014-03-16 12:55 - 2014-03-13 21:43 - 00000000 ____D () C:\FBBM
2014-03-13 21:12 - 2012-03-22 14:01 - 00000000 ____D () C:\Users\Udo\AppData\Roaming\vlc
2014-03-13 20:09 - 2014-02-21 12:31 - 00001143 _____ () C:\Users\Udo\Desktop\onlineTV 10.lnk
2014-03-13 09:50 - 2014-03-03 06:07 - 00510328 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 09:48 - 2011-09-19 13:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-08 00:10 - 2013-11-12 10:10 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-05 17:17 - 2013-11-16 06:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-03 18:15 - 2012-02-29 21:03 - 00000000 ____D () C:\Users\Udo\AppData\Roaming\dvdcss
2014-03-03 06:07 - 2014-03-03 06:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-02 06:52 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-03-01 05:30 - 2014-03-12 15:16 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 05:11 - 2014-03-12 15:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 05:10 - 2014-03-12 15:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 04:52 - 2014-03-12 15:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 04:51 - 2014-03-12 15:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-12 15:16 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 04:43 - 2014-03-12 15:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 04:43 - 2014-03-12 15:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 04:40 - 2014-03-12 15:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 04:38 - 2014-03-12 15:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 04:38 - 2014-03-12 15:16 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 04:37 - 2014-03-12 15:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 04:31 - 2014-03-12 15:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:25 - 2014-03-12 15:16 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 04:16 - 2014-03-12 15:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:14 - 2014-03-12 15:16 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:03 - 2014-03-12 15:16 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:00 - 2014-03-12 15:16 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 03:57 - 2014-03-12 15:16 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 03:32 - 2014-03-12 15:16 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 03:27 - 2014-03-12 15:16 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:25 - 2014-03-12 15:16 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 21:06 - 2013-12-28 15:27 - 00002122 _____ () C:\Users\Udo\Desktop\Sicherer Zahlungsverkehr.lnk
2014-02-27 22:35 - 2012-01-01 22:39 - 00000000 ____D () C:\Users\Udo\AppData\Roaming\Applian FLV and Media Player
2014-02-27 09:25 - 2013-01-31 18:33 - 00002221 _____ () C:\Users\Public\Desktop\Dual Package.lnk
2014-02-23 22:28 - 2014-02-23 22:21 - 00014745 _____ () C:\Users\Udo\Desktop\A1-Notizen.ods
2014-02-23 18:24 - 2014-02-23 18:24 - 00000656 _____ () C:\Users\Udo\Desktop\Total Commander.lnk
2014-02-23 07:07 - 2013-04-13 09:19 - 00014674 _____ () C:\Users\Udo\Desktop\OpenDocument Tabellendokument (neu) (2).ods
2014-02-22 10:04 - 2014-02-21 15:18 - 00000000 ____D () C:\Users\Udo\AppData\Roaming\systweak
2014-02-22 10:02 - 2011-10-11 16:48 - 00000000 ____D () C:\Users\Udo\AppData\Local\Google
2014-02-22 10:02 - 2011-10-11 16:48 - 00000000 ____D () C:\Program Files\Google
2014-02-22 00:56 - 2012-11-19 18:19 - 00000000 ____D () C:\Users\Udo\Desktop\QuickTime
2014-02-22 00:39 - 2014-02-22 00:39 - 00001107 _____ () C:\Users\Public\Desktop\SystemTweaker.lnk
2014-02-21 23:44 - 2011-10-16 17:46 - 00000000 ____D () C:\Users\Udo\AppData\Roaming\FileZilla
2014-02-21 23:43 - 2011-01-22 15:38 - 00000000 ____D () C:\Windows\Minidump
2014-02-21 23:43 - 2011-01-15 21:15 - 00000000 ____D () C:\Windows\Panther
2014-02-21 23:33 - 2013-11-12 10:10 - 00000925 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-21 16:06 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-21 15:56 - 2014-02-21 15:56 - 00000022 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.zip
2014-02-21 12:31 - 2014-02-21 12:31 - 00000000 ____D () C:\Users\Udo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\concept design
2014-02-21 12:31 - 2014-02-21 12:31 - 00000000 ____D () C:\Users\Udo\AppData\Roaming\concept design
2014-02-21 12:31 - 2014-02-21 12:31 - 00000000 ____D () C:\Program Files\concept design
2014-02-21 09:21 - 2012-05-04 08:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-19 12:32 - 2012-12-29 23:50 - 00000000 ____D () C:\Users\Udo\.eclipse

Files to move or delete:
====================
C:\Users\Udo\AppData\Roaming\CamLayout.ini
C:\Users\Udo\AppData\Roaming\CamShapes.ini

Some content of TEMP:
====================
C:\Users\Udo\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Udo\AppData\Local\Temp\install_reader11_de_mssd_aaa_aih.exe
C:\Users\Udo\AppData\Local\Temp\NEventMessages.dll
C:\Users\Udo\AppData\Local\Temp\NOSEventMessages.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-20 08:28

==================== End Of Log ============================

--- --- ---

The output of Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by Udo at 2014-03-21 15:56:06
Running from F:\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Agent Ransack 2010 (HKLM\...\Agent Ransack_is1) (Version: - )
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applian FLV and Media Player 3.1.1.12 (HKLM\...\Applian FLV and Media Player) (Version: 3.1.1.12 - Applian Technologies)
Audio Recorder Pro 3.70 (HKLM\...\Audio Recorder Pro_is1) (Version: - )
AuthenTec Fingerprint Sensor Minimum Install (HKLM\...\{E815FB81-995F-4F33-8E25-F16712123AB7}) (Version: 7.9.2 - AuthenTec)
AuthenTec TrueSuite (HKLM\...\{E6C44758-FF49-47D1-8182-65E3818ACE23}) (Version: 2.0.0.57 - AuthenTec, Inc.)
AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM\...\AVMFBoxPrinter) (Version: - AVM Berlin)
AVM FRITZ!fax für FRITZ!Box (HKLM\...\FRITZ! 2.0) (Version: - AVM Berlin)
AVS Audio Converter 7 (HKLM\...\AVS Audio Converter_is1) (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Bing-Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.171.0 - Microsoft Corporation)
Bridge Base Online (HKLM\...\Bridge_Base_Online) (Version: - )
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.0.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.8.0.1 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.7.0.1 - Canon Inc.)
Canon iP3600 series Benutzerregistrierung (HKLM\...\Canon iP3600 series Benutzerregistrierung) (Version: - )
Canon iP3600 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series) (Version: - )
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.7.0.6 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.5.0.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.6.0.5 - Canon Inc.)
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.6.0.23 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.4.0.4 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
concept/design onlineTV 10 (HKLM\...\{DCAB9AAC-1D1C-4B94-99B7-AA7D2617BD64}_is1) (Version: 10.0.0.50 - concept/design GmbH)
ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
Cut Out 3.0 (HKLM\...\Cut Out_is1) (Version: - Franzis.de)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Daub Ages! 1.53 (HKLM\...\Daub Ages) (Version: - )
Deutsche Post E-Porto (HKLM\...\{71504FB8-F84D-4B63-A97F-D6D5F0F0F410}) (Version: 2.1.0 - Deutsche Post AG)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
DriverNavigator 3.3.0 (HKLM\...\DriverNavigator_is1) (Version: 3.3.0.0 - Easeware)
Dual Package (HKLM\...\{37365259-9D37-4FBE-9204-08B4034623B6}) (Version: 2.9 - LG Soft India Pvt Ltd)
Dyn Updater (HKLM\...\DynUpdater) (Version: 4.1.10 - Dyn, Inc.)
Easy Photo Sorter 3 version 3.1 (HKLM\...\{DDF4C374-DD87-493B-9B7A-26DEB4213B7E}_is1) (Version: 3.1 - EasySector)
eXPert PDF 4 (HKLM\...\{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}) (Version: 4.1.670.404 - Visage Software)
Express Burn Disc Burning Software (HKLM\...\ExpressBurn) (Version: - NCH Software)
Express Zip File Compression Software (HKLM\...\ExpressZip) (Version: - NCH Software)
FastStone Capture 5.3 (HKLM\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
Feedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Feedback Tool (HKLM\...\{90024193-9F13-4877-89D5-A1CDF0CBBF28}) (Version: 1.1.0 - Microsoft Corporation)
ffdshow [rev 3154] [2009-12-09] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
FileZilla Client 3.7.3 (HKLM\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
FLV Player 2.0 (build 25) (HKLM\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
Formatwandler 5 (HKLM\...\{CC5A25E6-7564-48FF-0001-D4DD055B2886}) (Version: 5.0.13.315 - S.A.D.)
Free Hide IP (HKLM\...\FreeHideIP) (Version: 3.7.6.2 - )
Free YouTube to MP3 Converter version 3.12.16.1030 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.16.1030 - DVDVideoSoft Ltd.)
FreeUndelete (HKLM\...\FreeUndelete) (Version: - )
GetFoldersize 2.5.24 (HKLM\...\GetFoldersize_is1) (Version: 2.5.24 - Michael Thummerer Software Design)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
HDR Projects elements (32-Bit) (HKLM\...\HDR Projects elements_is1) (Version: 1.22 - Franzis Verlag GmbH)
HoDoKu (HKLM\...\{9034E60F-2880-46CF-A7E8-E901A5A1EB98}) (Version: 2.1.3.1 - hobiwan)
HWiNFO32 Version 4.36 (HKLM\...\HWiNFO32_is1) (Version: 4.36 - Martin Malík - REALiX)
Inbox Toolbar (HKLM\...\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1) (Version: 1.0.0 - Inbox.com, Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kaspersky PURE 3.0 (HKLM\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (Version: 13.0.2.558 - Kaspersky Lab) Hidden
KeePass Password Safe 1.26 (HKLM\...\KeePass Password Safe_is1) (Version: 1.26 - Dominik Reichl)
KeePass Password Safe 2.25 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.25 - Dominik Reichl)
KeyText v3 (HKLM\...\KeyText_is1) (Version: - MJMSoft Design)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Camera Codec Pack (HKLM\...\{E00A6103-D9B3-4157-B5B3-487BFFA6F0A5}) (Version: 16.4.1734.1104 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
Mobile Partner (HKLM\...\Mobile Partner) (Version: 16.002.03.00.706 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Musikalische Gehörbildung am PC 3.1 (HKLM\...\Musikalische Gehörbildung am PC 3.1_is1) (Version: 3.1 - Franzis Verlag)
NirSoft Password Security Scanner (HKLM\...\NirSoft Password Security Scanner) (Version: - )
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (Version: 7.1.180.94 - Nokia) Hidden
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (Version: 3.8.48.0 - Nokia) Hidden
NVIDIA 3D Vision Controller Driver (Version: 270.61 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller-Treiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.6 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
Open Object Rexx (HKLM\...\ooRexx) (Version: 4.1.0.6441 - Rexx Language Association)
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Oracle VM VirtualBox 4.1.8 (HKLM\...\{611E3800-CE31-4953-8AD4-5657B6EE7ACF}) (Version: 4.1.8 - Oracle Corporation)
Password Safe and Repository 6 (HKLM\...\{10668AA3-490D-46C1-B606-A621451998EF}) (Version: 6.3.1.2132 - MATESO GmbH)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power Packet Utility (HKLM\...\{39C1C701-F81C-4B1D-B0B9-E93A7794BB7B}) (Version: 5.0.2 - Intellon)
Prism Videodatei-Konverter (HKLM\...\Prism) (Version: - NCH Software)
PSPad editor (HKLM\...\PSPad editor_is1) (Version: - Jan Fiala)
Q-plus Bridge 11 (HKLM\...\Q-plus Bridge 11) (Version: - )
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Readiris Pro 12 (HKLM\...\{B6214EA9-7BE8-4A91-B8B3-45F42F90188F}) (Version: 12.00.6209 - I.R.I.S.)
REALTEK Bluetooth Driver (HKLM\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.9691.663.020613 - REALTEK Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6132 - Realtek Semiconductor Corp.)
Renamer 1.1 (HKLM\...\Renamer_is1) (Version: - Mediachance.com)
Security Task Manager 1.8g (HKLM\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Serif PagePlus X4 (HKLM\...\{2DC240EA-51B1-4CC4-A0E5-4E4399CD7302}) (Version: 14.0.0.017 - Serif (Europe) Ltd)
Skype Toolbars (HKLM\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4137 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Starry Night Pro (HKLM\...\Starry Night Pro) (Version: - )
Switch Audiodatei-Konverter (HKLM\...\Switch) (Version: - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.4.0 - Synaptics Incorporated)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
SystemTweaker (HKLM\...\{DBB1F4ED-3212-4F58-A427-9C01DE4A24A5}_is1) (Version: 2.0.9.0 - Uniblue Systems Ltd)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
TechPowerUp GPU-Z (HKLM\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
TrekStor i.Beat 115 (HKLM\...\{5DB4B051-33AB-45E9-BB3A-4C41784C12D7}) (Version: - )
TuneUp Utilities Language Pack (de-DE) (Version: 13.0.3020.2 - TuneUp Software) Hidden
Ulead PhotoImpact 12 (HKLM\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
Ulead VideoStudio SE DVD (HKLM\...\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}) (Version: 10.0 - Ulead Systems)
Uniblue DriverScanner (HKLM\...\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1) (Version: 4.0.3.4 - Uniblue Systems Ltd)
Uniblue PixelPerfect (HKLM\...\PixelPerfect_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1) (Version: - Uniblue)
Uniblue PowerSuite (HKLM\...\{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1) (Version: - Uniblue Systems Ltd)
Uniblue RegistryBooster (HKLM\...\{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1) (Version: - Uniblue Systems Ltd)
Uniblue SpeedUpMyPC (HKLM\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: - Uniblue Systems Ltd)
Uninstall (HKLM\...\{BC8751E0-8D6D-43A1-8D72-8B40CA760692}_is1) (Version: 2.2 - Blue Label Soft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
USB Video Device (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.48200.117 - Sonix)
USB2.0 Capture Device (HKLM\...\{E337B156-DF81-48D8-8977-B1574EE87BCF}) (Version: 1.0.3.0 - )
USB2.0 Grabber (HKLM\...\{45518B6D-9DDF-4144-83E4-A56762524F35}) (Version: 7.12.000.002 - Youyan)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VirusTotal Uploader 2.0 (HKLM\...\VirusTotalUploader2.0) (Version: - )
Visual SlickEdit 8.0 (HKLM\...\Visual SlickEdit 8.0) (Version: - )
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Wi-Fi MediaConnect (HKLM\...\{AA58346A-A5D7-4659-91D6-38D07345BDCF}) (Version: 1.6.43 - Philips)
windata 8 (HKLM\...\{0283DE3A-DC3B-410C-A0B1-504D5DC2C200}) (Version: 08.08.0000 - windata GmbH & Co.KG)
Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Intel System (10/05/2012 9.1.9.1002) (HKLM\...\3F1645AB27EF7F0F0326BBA397D9235A669ECAA0) (Version: 10/05/2012 9.1.9.1002 - Intel)
Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinSecurity (HKLM\...\WinSecurity) (Version: - )
WinZipper (HKLM\...\WinZipper) (Version: 1.4.8 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
XnView 1.99.5 (HKLM\...\XnView_is1) (Version: 1.99.5 - Gougelet Pierre-e)
XnView Shell Extension 3.3.0 (HKLM\...\XnView Shell Extension_is1) (Version: 3.3.0 - Gougelet Pierre-e)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

==================== Restore Points =========================

08-03-2014 05:16:36 Windows Update
11-03-2014 13:59:53 Windows Update
13-03-2014 08:27:39 Windows Update
16-03-2014 19:45:19 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 wurde installiert.
17-03-2014 03:50:23 Windows-Sicherung
17-03-2014 04:05:14 Entfernt Ulead PhotoImpact
17-03-2014 04:26:06 Installiert Ulead PhotoImpact
18-03-2014 06:07:46 Windows Update
19-03-2014 05:17:20 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0602A028-7707-4379-B1B8-69670A2934FB} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {082724A0-B165-41BE-BE11-A69C9CF42C7D} - System32\Tasks\RegistryBooster => C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe [2011-11-07] (Uniblue Systems Limited)
Task: {08F03F89-7163-4292-9CF2-BEB5550C8ED0} - System32\Tasks\{2ED1B050-4EE0-4920-A54F-3451044283DF} => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe [2013-11-11] (Kaspersky Lab ZAO)
Task: {3254B4A8-DE13-4F59-A86E-CF31831F8103} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-23] (Google Inc.)
Task: {3364AF97-3154-47DA-96EF-07800144C0C3} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-12-21] (Adobe Systems Incorporated)
Task: {36796519-02FC-4FAC-A05C-FAEEA327BE93} - System32\Tasks\{11646AD0-BA62-4614-A0EC-49445D30A576} => Firefox.exe hxxp://ui.skype.com/ui/0/5.3.0.120/en/abandoninstall?page=tsChrome&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {4A918B94-D01E-4B7F-AFD4-662E7FA79B4A} - System32\Tasks\NCH Software\prismShakeIcon => C:\Program Files\NCH Software\Prism\Prism.exe [2012-12-05] (NCH Software)
Task: {52012F3F-DBF5-4A63-9921-A7DC4619BC72} - System32\Tasks\DriverNavigator Scheduled Scan => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe [2013-03-21] (Easeware)
Task: {5E65487E-78AB-40A0-A679-7774DE726C79} - \BackgroundContainer Startup Task No Task File
Task: {6D85D31D-D1F2-4CF8-A4F8-8D0A327C9335} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6E51C17D-F61B-4333-B22C-0981D0F5087D} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe <==== ATTENTION
Task: {8433A3F7-131F-4BD7-8813-ECC1D0719E23} - System32\Tasks\{C865FC89-BA8F-4FEF-98D9-7A81DEE16FC7} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {8C12E06F-95E4-4A46-9F31-46BAF4DD8333} - System32\Tasks\NCH Software\ExpressBurnShakeIcon => C:\Program Files\NCH Software\ExpressBurn\ExpressBurn.exe [2012-03-23] (NCH Software)
Task: {8E49A2A0-5D1A-4C04-941E-6A5AFFC87648} - System32\Tasks\{624A82E2-B3F8-47EA-BC20-9792FB9057AD} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {A0A8DDDB-774B-467E-B5A9-15CC2D57B02D} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2004-04-17] (InstallShield Software Corporation)
Task: {B525B6D3-FD89-448F-A52C-73F5B605EB94} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-17] (Adobe Systems Incorporated)
Task: {C17535D8-8E0F-4256-BF2A-9B45FC61608B} - System32\Tasks\{95910F76-18AE-40AD-A07F-7B9D06814FF7} => Firefox.exe hxxp://g.msn.com/1ewdede70/SettingsTermUse
Task: {C8DF263D-DD96-4C14-A652-D75416AAC95F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-23] (Google Inc.)
Task: {C9B912A5-BE6B-48C5-A5B4-C591B9AFEE4F} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2013-02-13] ()
Task: {D080128D-110B-432D-8CB7-D9A9EF7027CB} - System32\Tasks\InstallShield Software-Aktualisierungsdienst => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10] (InstallShield Software Corporation)
Task: {D7FE66E7-D091-4B4E-A1BB-156AE15E9739} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E1592539-C99E-4BC5-B7B1-B4DBFF16F23E} - System32\Tasks\NCH Software\expresszipShakeIcon => C:\Program Files\NCH Software\ExpressZip\ExpressZip.exe [2012-03-22] (NCH Software)
Task: {E48ACEBF-0B1C-43F0-87A7-DDEC59B9099B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {E64793B9-6C10-4A2D-A43A-40C08A74DFA9} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files\Omiga Plus\omigaplus.exe <==== ATTENTION
Task: {F135BFCF-EB1D-4511-8FB2-DFA9F2321527} - System32\Tasks\{DE20B9CB-471C-4094-8000-DFABE041CF96} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {FDA63626-19DA-407D-9DC4-2FB15147C26E} - System32\Tasks\EPUpdater => C:\Users\Udo\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegistryBooster.job => C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe

==================== Loaded Modules (whitelisted) =============

2011-01-17 15:51 - 2005-06-02 12:40 - 00014336 _____ () C:\Windows\System32\vsmon1.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2013-12-28 07:28 - 2013-10-23 08:19 - 00092448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-08-07 20:25 - 2013-08-07 20:25 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2012-03-22 15:56 - 2012-03-22 15:56 - 00081408 _____ () C:\Program Files\NCH Software\ExpressZip\ezcm.dll
2011-01-20 17:29 - 2008-03-30 16:22 - 00070144 _____ () C:\Program Files\PSPad editor\PSPadShell.dll
2012-11-15 06:27 - 2012-10-23 16:39 - 01703936 _____ () C:\Program Files\XnView\ShellEx\XnViewShellExt.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 08507232 _____ () C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 02354016 _____ () C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 01014624 _____ () C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00364384 _____ () C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 02480992 _____ () C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 01346912 _____ () C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00206176 _____ () C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 02653024 _____ () C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00033120 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qgif4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00035680 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qico4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00207200 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 11166560 _____ () C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
2013-10-02 20:30 - 2013-10-02 20:30 - 00276832 _____ () C:\Program Files\Nokia\Nokia Suite\phonon4.dll
2013-04-15 13:26 - 2013-04-15 13:26 - 00391600 _____ () C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
2013-04-15 13:26 - 2013-04-15 13:26 - 00059280 _____ () C:\Program Files\Nokia\Nokia Suite\securestorage.dll
2013-10-02 20:28 - 2013-10-02 20:28 - 00438624 _____ () C:\Program Files\Nokia\Nokia Suite\NService.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00446304 _____ () C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00520544 _____ () C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00720736 _____ () C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
2013-10-02 20:28 - 2013-10-02 20:28 - 00606560 _____ () C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
2013-10-02 20:30 - 2013-10-02 20:30 - 00093024 _____ () C:\Program Files\Nokia\Nokia Suite\qjson.dll
2013-01-31 22:41 - 2011-06-01 23:49 - 00061952 _____ () C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\MouseHook.dll
2013-01-31 18:32 - 2011-04-01 23:07 - 00003584 _____ () C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\GerRes.dll
2014-02-27 09:25 - 2011-04-20 17:10 - 00024576 _____ () C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\TestDDCCI.exe
2013-01-31 22:41 - 2011-04-16 19:02 - 00049152 _____ () C:\Windows\system32\LGErrorHandler.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 00093192 _____ () C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avpapplication.dll
2013-10-31 17:54 - 2013-10-31 17:54 - 00555832 _____ () C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\sqlite3.dll
2014-03-17 05:26 - 2004-07-26 17:11 - 00028672 ____N () C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2006-05-04 06:58 - 2006-05-04 06:58 - 00622592 _____ () C:\Program Files\Visagesoft\eXPert PDF\eXPertPDFAddIn.dll
2006-05-04 06:58 - 2006-05-04 06:58 - 01330176 _____ () C:\Program Files\Visagesoft\eXPert PDF\vsword2pdf100.bpl
2006-03-02 19:57 - 2006-03-02 19:57 - 00383488 _____ () C:\Program Files\Visagesoft\eXPert PDF\visage100.bpl
2006-05-04 06:58 - 2006-05-04 06:58 - 03014656 _____ () C:\Program Files\Visagesoft\eXPert PDF\vspdfcore100.bpl
2005-12-26 13:20 - 2005-12-26 13:20 - 02098176 _____ () C:\Program Files\Visagesoft\eXPert PDF\PKIECtrl100.bpl
2006-05-04 06:58 - 2006-05-04 06:58 - 01026048 _____ () C:\Program Files\Visagesoft\eXPert PDF\vsvector100.bpl
2006-05-04 06:58 - 2006-05-04 06:58 - 00237056 _____ () C:\Program Files\Visagesoft\eXPert PDF\expertpdf4core.bpl
2006-03-02 19:55 - 2006-03-02 19:55 - 00089088 _____ () C:\Program Files\Visagesoft\eXPert PDF\vsmisc100.bpl
2006-03-02 20:39 - 2006-03-02 20:39 - 01844224 _____ () C:\Program Files\Visagesoft\eXPert PDF\te100.bpl
2006-05-04 06:58 - 2006-05-04 06:58 - 00230912 _____ () C:\Program Files\Visagesoft\eXPert PDF\vspdfeditor100.bpl
2006-03-02 20:33 - 2006-03-02 20:33 - 00444928 _____ () C:\Program Files\Visagesoft\eXPert PDF\VirtualTree100.bpl
2006-05-04 06:58 - 2006-05-04 06:58 - 01239040 _____ () C:\Program Files\Visagesoft\eXPert PDF\vspdfdialogs100.bpl
2006-03-02 20:28 - 2006-03-02 20:28 - 00139776 _____ () C:\Program Files\Visagesoft\eXPert PDF\uoolep100.bpl
2006-04-15 06:34 - 2006-04-15 06:34 - 00568320 _____ () C:\Program Files\Visagesoft\eXPert PDF\TMSlite100.bpl
2006-03-02 20:01 - 2006-03-02 20:01 - 00071168 _____ () C:\Program Files\Visagesoft\eXPert PDF\VSDesktop100.bpl
2013-09-20 12:50 - 2013-09-20 12:50 - 00988160 _____ () C:\Program Files\OpenOffice 4\program\libxml2.dll
2013-09-17 03:54 - 2013-09-17 03:54 - 00170496 _____ () C:\Program Files\OpenOffice 4\program\libxslt.dll
2013-09-17 03:54 - 2013-09-17 03:54 - 00136192 _____ () C:\Program Files\OpenOffice 4\program\libxmlsec-mscrypto.dll
2013-09-17 03:54 - 2013-09-17 03:54 - 00303616 _____ () C:\Program Files\OpenOffice 4\program\libxmlsec.dll
2013-12-11 14:14 - 2014-02-06 20:49 - 03019376 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2013-12-11 14:14 - 2014-02-06 20:49 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2013-12-11 14:14 - 2014-02-06 20:49 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-11-16 06:42 - 2014-02-19 01:26 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2007-02-12 20:51 - 2007-02-12 20:51 - 01111552 _____ () C:\Program Files\FastStone Capture\FSCapture.exe
2013-06-17 10:47 - 2013-06-17 10:47 - 00181928 _____ () C:\Program Files\WinZipper\libpng.dll
2014-03-17 07:28 - 2014-03-17 07:28 - 16276872 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Udo\Desktop\Nachricht zu Petition Besserer Schutz der Bevölkerung des Rhein-Main-Gebietes vor Fluglärmbelastung.eml:OECustomProperty
AlternateDataStreams: C:\Users\Udo\Desktop\Vertretung Schiller 11 und Ihre Skizze.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AVP => 2
MSCONFIG\Services: AvrcpService => 2
MSCONFIG\Services: BTDevManager => 2
MSCONFIG\Services: CSObjectsSrv => 2
MSCONFIG\Services: Dyn Updater => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NVSvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: RtkBleServ => 2
MSCONFIG\Services: RXAPI => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\Services: UleadBurningHelper => 2
MSCONFIG\Services: winzipersvc => 2
MSCONFIG\Services: WTabletServicePro => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dual Package.lnk => C:\Windows\pss\Dual Package.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dyn Updater Tray Icon.lnk => C:\Windows\pss\Dyn Updater Tray Icon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wi-Fi MediaConnect.lnk => C:\Windows\pss\Wi-Fi MediaConnect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^windata 8 Zahlungserinnerung.lnk => C:\Windows\pss\windata 8 Zahlungserinnerung.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVP => "C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
MSCONFIG\startupreg: BingDesktop => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: BtServer => "C:\Program Files\REALTEK\Realtek Bluetooth\BTServer.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: ISUSScheduler => "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Spy Protector => C:\Program Files\Security Task Manager\SpyProtector.exe /autostart
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: tsnp2uvc => C:\Windows\tsnp2uvc.exe
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"

==================== Faulty Device Manager Devices =============

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: MpKsl53637a02
Description: MpKsl53637a02
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl53637a02
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: MpKsl543ed90e
Description: MpKsl543ed90e
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl543ed90e
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2014 05:54:27 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Iedit_.exe, Version: 12.0.0.0, Zeitstempel: 0x45825ed8
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x117e2a20
ID des fehlerhaften Prozesses: 0x14a8
Startzeit der fehlerhaften Anwendung: 0xIedit_.exe0
Pfad der fehlerhaften Anwendung: Iedit_.exe1
Pfad des fehlerhaften Moduls: Iedit_.exe2
Berichtskennung: Iedit_.exe3

Error: (03/17/2014 05:26:06 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang: Generatordaten werden gesammelt
Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {84d806cf-79d2-4930-8eb4-2854ae593147}

Error: (03/17/2014 05:16:04 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (03/17/2014 05:05:12 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang: Generatordaten werden gesammelt
Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {cde06a47-a3a8-4580-945d-c529d0198380}

Error: (03/16/2014 06:55:59 PM) (Source: Application Hang) (User: )
Description: Programm Start.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 173c
Startzeit: 01cf4140b13ca796
Endzeit: 37
Anwendungspfad: C:\Users\Udo\AppData\Local\Temp\is-V6R9E.tmp\Start.exe
Berichts-ID: 2fe2984d-ad34-11e3-9fe9-001a7dda7109

Error: (03/16/2014 06:41:27 PM) (Source: Application Hang) (User: )
Description: Programm Start.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1f38
Startzeit: 01cf413e795c4c2f
Endzeit: 27
Anwendungspfad: C:\Users\Udo\AppData\Local\Temp\is-QKRJ4.tmp\Start.exe
Berichts-ID: 29c6aea3-ad32-11e3-9fe9-001a7dda7109

Error: (03/16/2014 00:49:52 PM) (Source: Application Hang) (User: )
Description: Programm xnview.exe, Version 1.99.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 18f4
Startzeit: 01cf410cf384e01b
Endzeit: 28
Anwendungspfad: C:\Program Files\XnView\xnview.exe
Berichts-ID: 073c7bb9-ad01-11e3-9fe9-001a7dda7109

Error: (03/16/2014 07:24:57 AM) (Source: eXPert PDF) (User: )
Description: eXPert PDF Printer driverreported the following error:<<< WriteMailSlot: FAILED SlotName=\\.\mailslot\VSPDFDRV_Udo, Code=6>>>

Error: (03/16/2014 07:24:55 AM) (Source: eXPert PDF) (User: )
Description: eXPert PDF Printer driverreported the following error:<<< DrvDocumentEvent: Waitingevent timeout, eventname=expertpdfstartup_Udo>>>

Error: (03/14/2014 00:05:34 PM) (Source: Microsoft-Windows-User Profiles Service) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL - Das System kann die angegebene Datei nicht finden.

System errors:
=============
Error: (03/17/2014 09:01:48 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/17/2014 00:26:22 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (03/14/2014 00:02:58 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 14.03.2014 um 12:01:15 unerwartet heruntergefahren.

Error: (03/12/2014 02:57:18 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/09/2014 11:33:06 AM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (03/08/2014 06:04:27 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/05/2014 09:57:43 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147014847

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-03-12 23:43:42.384
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-12 23:43:42.381
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-12 23:43:42.378
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-12 23:43:42.368
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-12 23:43:42.364
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-12 23:43:42.361
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-12 23:43:42.333
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-12 23:43:42.330
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-12 23:43:42.326
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-12 23:43:42.315
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================

Percentage of memory in use: 72%
Total physical RAM: 3070.43 MB
Available physical RAM: 852.58 MB
Total Pagefile: 6138.72 MB
Available Pagefile: 2327.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:241.11 GB) (Free:172.59 GB) NTFS
Drive f: (Daten) (Fixed) (Total:48.83 GB) (Free:25.08 GB) NTFS
Drive g: (Recovery) (Fixed) (Total:175.72 GB) (Free:34.33 GB) NTFS
Drive i: () (Removable) (Total:1.88 GB) (Free:0.45 GB) FAT
Drive k: (INTENSO) (Fixed) (Total:345.57 GB) (Free:130.66 GB) NTFS
Drive l: (INTENSO 2) (Fixed) (Total:292.97 GB) (Free:28.5 GB) NTFS
Drive o: (INTENSO 3) (Fixed) (Total:195.31 GB) (Free:119.89 GB) NTFS
Drive p: (PVRbu) (Fixed) (Total:97.66 GB) (Free:91.82 GB) NTFS
Drive z: (FRITZ.NAS) (Network) (Total:7.46 GB) (Free:5.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 3B09EC94)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=241 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=176 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 69737369)
No partition Table on disk 1.

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: 36D1AB79)
Partition 1: (Not Active) - (Size=346 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=98 GB) - (Type=OF Extended)

==================== End Of Log ============================

Step 3: Running GMER.exe caused some confusion, but it succeeded in the end.
*** The instructions say I should start GMER, but it started running immediately and could not be stopped so that I could correct the checkboxes. It did not take long, though, before it stopped after all; I was able to set the checkboxes correctly and then start the scan with Scan. GMER ran for a few minutes and then stopped, or so I thought. It could, however, merely have been a change in display speed, from rapidly changing output to a still image lasting minutes. I thought it might have been the start-up sequence after all and started GMER once more. Again it started running by itself and, as expected, stopped after a short time. Checkboxes set, Scan pressed, then GMER continued. But this run ended too, this time quite certainly, because the end was the blue screen. (STOP: 0x..0A (0x..00 , 0x..0FF , 0x..00 , 0x84C474B2 )). A third attempt followed, without the checkmark in front of DEVICES. This run did finish, but it ran for hours! I could not use the night for sleeping either. I mention this only so that nobody wonders about the time stamps.

Gmer.txt: Unfortunately too large to be displayed as CODE. Please give me instructions on what to do, since I am not supposed to add attachments without being asked.

Step 4: I captured the error in a full trace with my AVP Kaspersky PURE 3.0. The two files generated are encoded and unreadable. Posting them here as CODE is pointless. Please give instructions here as well. However, I believe I could manage to get an interpretation from Kaspersky Lab, should we need it. I am keeping the files in case the error should occur less often than it does now. The files are also 67MB in size. I would need to be told a way around the limits. Otherwise I have no further problem-relevant logs.
Here is the output of CPU Report von UDO-PC.txt: At 86KB the file is too large to be listed as CODE. Please tell me what I should do.

... and GPU-Z Sensor Log.txt: Code:
Date , GPU Core Clock [MHz] , GPU Memory Clock [MHz] , GPU Shader Clock [MHz] , GPU Temperature [°C] , Memory Used [MB] , GPU Load [%] , Memory Controller Load [%] , Video Engine Load [%] ,
2014-03-23 22:47:44 , 400.0 , 601.7 , 800.0 , 76.0 , 109 , 0 , 11 , 0 ,
2014-03-23 22:47:45 , 400.0 , 601.7 , 800.0 , 76.0 , 107 , 6 , 14 , 0 ,
2014-03-23 22:47:46 , 400.0 , 601.7 , 800.0 , 76.0 , 107 , 0 , 11 , 0 ,
2014-03-23 22:47:48 , 400.0 , 601.7 , 800.0 , 76.0 , 107 , 0 , 11 , 0 ,

I am also leaving these images out for now, but will gladly send them if you give me the corresponding instructions. I hope I have done everything correctly, and thank you for wanting to help me get rid of these plagues.

Best regards,
ilamo

Edited by ilamo (24.03.2014 at 09:47). Reason: The IMG were not displayed; I had deleted the http://. |