Pests of all kinds and how to fight them: Computer sends emails | Windows 7

If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
07.04.2014, 07:37 | #1 |
Computer sends emails

Hello, my computer is sending emails without my doing anything. I notice this when I receive bounces in my email account with the sender "System Administrator" and the subject "Undeliverable". In that email I then find email addresses that I do not know and to which I have not sent any email. The sender of the original email is a name unknown to me, but my email account then follows in brackets. The whole thing must by now be happening on a certain scale. I cannot determine which emails were delivered to real addresses. On my computer (Vista) I use Outlook 2007. If I send an email from here to an address I know, I also get the undeliverable error message. When I go through the web access of T-Online, where I have the account, I get the notice that I may not send more than 100 emails per day. I have no experience with these problems. Is this a trojan or some other pest? And above all, how can I detect and remove it? Regards, Georg Walk
07.04.2014, 09:00 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer sends emails

Hello and

1. Your computer does not have to be infected; it is quite possible that spammers are simply forging their sender address and using your mail address as the sender.
2. Which mail client you use on your computer is completely irrelevant; if your computer is infected, no spammer will depend on Outlook or the like, malware has its own SMTP engine.
3. If the sender address is not being forged, it may simply be that your mail account was hacked. Just change the password. And pick a secure one; have KeePass, for example, generate one with at least ten characters, and do not use this new password for other services!
4. If your computer is infected: Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; first just post logs that already exist, in CODE tags! Only logs from the last 7 days, or since the problem began, are relevant!

In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
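The three explanations in the reply above (forged sender, malware with its own SMTP engine, hacked mail account) can usually be told apart from the Received: lines of the returned message inside the bounce. The following Python is an added example, not part of the thread or of any tool named in it; it assumes Postfix-style Received lines, and the function names, the domain provider.example, the documentation IP addresses and all sample bounces are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.parser import HeaderParser

# Receiver-recorded part of a Postfix-style line: "from HELO (rdns [ip]) by host ..."
RECORDED_RE = re.compile(r"from\s+\S+\s+\(([^)]*)\)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\sby\s+(\S+)", re.I)


def original_headers(raw_bounce):
    """Return the headers of the returned message embedded in a bounce (NDR)."""
    ndr = message_from_string(raw_bounce, policy=policy.default)
    for part in ndr.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return HeaderParser(policy=policy.default).parsestr(part.get_content())
    return None


def hop(received):
    """Return (reverse-DNS name, client IP, receiving host) of one Received line."""
    text = " ".join(str(received).split())
    m = RECORDED_RE.match(text)
    words = (m.group(1).lower() if m else "").split()
    rdns = words[0] if words and not words[0].startswith("[") else ""
    ip = IP_RE.search(" ".join(words))
    by = BY_RE.search(text)
    return rdns, (ip.group(1) if ip else None), (by.group(1).lower() if by else "")


def classify(raw_bounce, own_ips, provider_suffixes):
    """Decide which of the reply's explanations the bounce supports."""
    suffixes = tuple(provider_suffixes)
    orig = original_headers(raw_bounce)
    received = orig.get_all("Received", []) if orig is not None else []
    if not received:
        return "no-trace"                      # no returned message to inspect
    top_rdns, top_ip, _ = hop(received[0])     # written by the bouncing server
    if top_ip in own_ips:
        return "direct-from-own-host"          # point 2: own SMTP engine on the PC
    if not top_rdns.endswith(suffixes):
        return "forged-sender"                 # point 1: never touched the provider
    # Follow only hops written by the provider; lines below that chain are
    # under the sender's control and are ignored.
    submit_ip = None
    for line in received[1:]:
        _, ip, by = hop(line)
        if not by.endswith(suffixes):
            break
        submit_ip = ip
    if submit_ip is None:
        return "via-provider-submitter-hidden"
    if submit_ip in own_ips:
        return "via-provider-from-own-host"    # the PC itself used the account
    return "via-provider-foreign-submitter"    # point 3: credentials used elsewhere


def make_bounce(received_lines, embed="message/rfc822"):
    """Build a constructed NDR whose returned message carries the given trace."""
    original = "".join(f"Received: {r}\n" for r in received_lines) + (
        'From: "Unknown Name" <user@provider.example>\n'
        "To: nobody@recipient.example\nSubject: test\n\nbody\n")
    return (
        "From: MAILER-DAEMON@mx.recipient.example\nSubject: Undeliverable\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\nDelivery failed.\n"
        "\n--b1\nContent-Type: message/delivery-status\n\n"
        "Final-Recipient: rfc822; nobody@recipient.example\nAction: failed\n"
        "Status: 5.1.1\n"
        f"\n--b1\nContent-Type: {embed}\n\n{original}\n--b1--\n")


# Constructed sample data (documentation address ranges, made-up host names).
OWN_IPS = {"192.0.2.10"}                       # assumed public IP of the home line
PROVIDER = (".provider.example",)              # assumed domain of the mail provider
STAMP = "with ESMTP; Mon, 7 Apr 2014 06:00:00 +0200"
MX = f"by mx.recipient.example {STAMP}"
RELAY = f"from mailout07.provider.example (mailout07.provider.example [198.51.100.7]) {MX}"
FORGED = [f"from bulk.sender.example (bulk.sender.example [203.0.113.50]) {MX}"]
DIRECT = [f"from home-pc (p10.dyn.provider.example [192.0.2.10]) {MX}"]
STOLEN = [RELAY, f"from unknown (unknown [203.0.113.99]) by smtp-in.provider.example {STAMP}"]
OWN_PC = [RELAY, f"from home-pc (p10.dyn.provider.example [192.0.2.10]) by smtp-in.provider.example {STAMP}"]

if __name__ == "__main__":
    for name, trace in [("FORGED", FORGED), ("DIRECT", DIRECT),
                        ("STOLEN", STOLEN), ("OWN_PC", OWN_PC)]:
        print(name, "->", classify(make_bounce(trace), OWN_IPS, PROVIDER))
```

The own-IP check runs before the provider check because a dial-up address often resolves to a name under the provider's own domain, as in the DIRECT sample.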
07.04.2014, 18:13 | #3 |
Computer sends emails

Hello,

As requested, the information: I also ran the Adware tool and had some of the files and folders that were found removed. Only with the file "roboot.exe" was I unsure. Then the other information, first the result from Winzip/Malware Protector (it was an XML file):

Nico Mak Computing WinZip Malware Protector
Datum der Überprüfung Montag, 7. April 2014
Datenbankversion 1743
Gefundene Elemente insgesamt 12
Überprüfte Objekte: 293103
Abgelaufene Zeit: 00:27:42

Name Gefundene Elemente

Name der Infektion trojan.dropper
Kategorie Trojan
Bedrohungsstufe Severe
Durchgeführte Aktion NoActionTaken
Elemente gefunden 1
  Gefundener Bereich FileSystem
  Details Dateiname c:\users\admin\appdata\local\temp\quarantine.exe
  MD5 0 Signatur 1590103777681049339
  Md5hash: b1fb2c3bdfc20f840b9908d37896b313

Name der Infektion adware.lollipop
Kategorie Adware
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 1
  Gefundener Bereich FileSystem
  Details Dateiname c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\soil3u0u\wajam_update[2].004
  MD5 14741027010649956244 Signatur 0
  Md5hash: 8d24a9fe522447db2da1f7d6ad3aa932

Name der Infektion malware.agent
Kategorie Generic Malware
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 4
  Gefundener Bereich FileSystem
  Details Dateiname c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\tff4iy21\wajam_update[1].001
  MD5 2302078761100121658 Signatur 0
  Md5hash: 192fa674fb0e105304158f660bf7629f

  Gefundener Bereich FileSystem
  Details Dateiname c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\tff4iy21\wajam_update[1].exe
  MD5 2302078761100121658 Signatur 0
  Md5hash: 192fa674fb0e105304158f660bf7629f

  Gefundener Bereich FileSystem
  Details Dateiname c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\utsda3ys\wajam_update[1].001
  MD5 2302078761100121658 Signatur 0
  Md5hash: 192fa674fb0e105304158f660bf7629f

  Gefundener Bereich FileSystem
  Details Dateiname c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\znaewxxp\wajam_update[2].exe
  MD5 2302078761100121658 Signatur 0
  Md5hash: 192fa674fb0e105304158f660bf7629f

Name der Infektion pup.optional
Kategorie Potentially Unwanted Application
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 4
  Gefundener Bereich FileSystem
  Details Dateiname c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\tff4iy21\wajam_update[1].003
  MD5 6595243456089637493 Signatur 0
  Md5hash: 3068b52cd395860cab92b368f4a0bcca

  Gefundener Bereich FileSystem
  Details Dateiname c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\utsda3ys\wajam_update[1].003
  MD5 6595243456089637493 Signatur 0
  Md5hash: 3068b52cd395860cab92b368f4a0bcca

  Gefundener Bereich FileSystem
  Details Dateiname c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\znaewxxp\wajam_update[1].003
  MD5 6595243456089637493 Signatur 0
  Md5hash: 3068b52cd395860cab92b368f4a0bcca

  Gefundener Bereich FileSystem
  Details Dateiname c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\znaewxxp\wajam_update[1].007
  MD5 17961425248907406177 Signatur 0
  Md5hash: b822def105b586f117746ad7bfd43a69

Name der Infektion malware.gen
Kategorie Generic Malware
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 1
  Gefundener Bereich FileSystem
  Details Dateiname c:\windows\system32\driverstore\filerepository\snpstd2.inf_5cbb4ec7\vsnpstd2.exe
  MD5 0 Signatur 3509407310154451024
  Md5hash: 1e61596140ec9cca62e3a7a6ab51159a

Name der Infektion exploit.renos
Kategorie Security Exploit
Bedrohungsstufe Medium
Durchgeführte Aktion NoActionTaken
Elemente gefunden 1
  Gefundener Bereich RegistryValueData
  Details Registrierungsschlüssel hkey_local_machine software\microsoft\internet explorer\main start page

© 2013 WinZip International LLC. All rights reserved.

Then the contents of the two files, FRST.txt and then Addition.txt from FRST:

FRST Logfile:
Code:
R3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) R1 tStLibG; C:\Windows\System32\drivers\tStLibG.sys [55224 2014-03-26] (StdLib) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S2 DETEWECP; \SystemRoot\System32\drivers\detewecp.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 ulisa; System32\Drivers\ulisa.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-07 18:54 - 2014-04-07 18:54 - 00000000 ____D () C:\FRST 2014-04-07 08:44 - 2014-04-07 08:44 - 00000988 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2014-04-07 08:44 - 2014-04-07 08:44 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing 2014-04-07 08:44 - 2014-04-07 08:44 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-04-07 08:44 - 2014-04-07 08:44 - 00000000 ____D () C:\Program Files\WinZip Malware Protector 2014-04-07 08:44 - 2013-03-15 17:01 - 00016384 _____ () C:\Windows\system32\wsusnative32.exe 2014-04-06 20:12 - 2014-04-06 20:13 - 00000000 __HDC () C:\ProgramData\{BA58D0EE-89D1-4191-9F19-B6AD920B04F7} 2014-04-06 20:12 - 2014-04-06 20:12 - 00000916 _____ () C:\Users\Public\Desktop\Netzmanager.lnk 2014-04-04 21:23 - 2014-04-06 20:58 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job 2014-04-04 21:23 - 2014-04-06 20:02 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2014-04-04 21:23 - 2014-04-06 20:02 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job 2014-04-04 21:22 - 2014-04-04 21:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-04-04 21:22 - 2014-04-04 21:22 - 00001960 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 
2014-04-04 21:22 - 2014-04-04 21:22 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-04-04 21:22 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe 2014-04-01 21:03 - 2014-04-06 21:00 - 00000000 ___RD () C:\Users\Admin\Dropbox 2014-04-01 21:03 - 2014-04-01 21:03 - 00000988 _____ () C:\Users\Admin\Desktop\Dropbox.lnk 2014-04-01 21:02 - 2014-04-01 21:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DropboxMaster 2014-04-01 21:02 - 2014-04-01 21:02 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-04-01 21:02 - 2014-04-01 21:02 - 00000000 ____D () C:\Program Files\Dropbox 2014-04-01 21:01 - 2014-04-06 21:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Dropbox 2014-04-01 20:49 - 2014-04-01 20:49 - 00527256 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-01 19:57 - 2014-04-05 09:24 - 00000110 ___RH () C:\Users\Admin\Desktop\Stinger.opt 2014-04-01 18:50 - 2014-04-05 10:43 - 00000000 ____D () C:\Program Files\stinger 2014-04-01 18:49 - 2014-04-01 18:50 - 10640232 _____ (McAfee Inc) C:\Users\Admin\Desktop\stinger32.exe 2014-04-01 15:42 - 2014-04-01 15:42 - 00002961 _____ () C:\Users\Admin\Desktop\Mindjet MindManager Basic 6.lnk 2014-04-01 07:44 - 2014-04-01 07:44 - 00163648 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-31 21:34 - 2014-03-31 21:34 - 00013566 _____ () C:\Users\Admin\Desktop\log.xml 2014-03-31 21:12 - 2014-04-06 20:53 - 00000000 ____D () C:\AdwCleaner 2014-03-31 20:48 - 2014-03-31 20:48 - 00001059 _____ () C:\Users\Admin\Desktop\Revo Uninstaller.lnk 2014-03-31 20:48 - 2014-03-31 20:48 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-03-31 20:10 - 2014-03-31 20:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ChicaLogic 2014-03-31 20:10 - 2014-03-31 20:10 - 00000000 ____D () C:\ProgramData\ChicaLogic 2014-03-31 18:58 - 2014-03-31 19:28 - 00000000 ____D () C:\ProgramData\clp 2014-03-31 18:57 - 
2014-03-31 20:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\LogMeIn Rescue Applet 2014-03-31 18:57 - 2014-03-31 18:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Fighters 2014-03-31 18:56 - 2014-03-31 18:56 - 00000000 ____D () C:\Program Files\Common Files\Common Toolkit Suite 2014-03-31 18:54 - 2014-03-31 20:47 - 00000000 ____D () C:\ProgramData\Fighters 2014-03-31 18:54 - 2014-03-31 18:54 - 00000000 ____D () C:\ProgramData\Common Toolkit Suite 2014-03-26 08:05 - 2014-03-26 08:05 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\tStLibG.sys 2014-03-23 18:11 - 2014-03-23 18:11 - 00000000 ____D () C:\Users\Admin\AppData\Local\Downloaded Installations 2014-03-23 17:34 - 2014-03-23 17:35 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\WiseUpdate 2014-03-16 13:21 - 2014-03-16 13:21 - 00003120 _____ () C:\Windows\system32\ALLFSAF14a.ocx 2014-03-16 13:20 - 2014-03-16 13:20 - 00002063 _____ () C:\Users\Public\Desktop\Style Builder 2014.lnk 2014-03-16 13:20 - 2014-03-16 13:20 - 00001977 _____ () C:\Users\Public\Desktop\LayOut 2014.lnk 2014-03-16 13:20 - 2014-03-16 13:20 - 00001896 _____ () C:\Users\Public\Desktop\SketchUp 2014.lnk 2014-03-12 07:56 - 2014-02-23 07:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-12 07:56 - 2014-02-23 07:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-12 07:56 - 2014-02-23 07:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-12 07:56 - 2014-02-23 07:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-12 07:56 - 2014-02-23 07:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-12 07:56 - 2014-02-23 07:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-12 07:56 - 2014-02-23 07:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-03-12 07:56 - 2014-02-23 07:38 - 00142848 _____ (Microsoft Corporation) 
C:\Windows\system32\ieUnatt.exe 2014-03-12 07:56 - 2014-02-23 07:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-12 07:56 - 2014-02-23 07:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-12 07:56 - 2014-02-23 07:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-03-12 07:56 - 2014-02-23 07:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-12 07:56 - 2014-02-23 07:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-03-12 07:56 - 2014-02-23 07:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-12 07:56 - 2014-02-23 07:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-03-12 07:56 - 2014-02-23 07:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-12 07:38 - 2014-02-07 12:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-12 07:38 - 2014-02-03 12:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-12 07:38 - 2014-01-30 09:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-12 07:38 - 2013-11-13 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-03-10 19:12 - 2014-03-10 19:22 - 138607664 _____ () C:\Users\Admin\Downloads\avira_free_antivirus_de (1).exe ==================== One Month Modified Files and Folders ======= 2014-04-07 18:54 - 2014-04-07 18:54 - 00000000 ____D () C:\FRST 2014-04-07 18:46 - 2012-12-02 20:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\3B218449-4347-465D-89AA-CA0941C55E5A.aplzod 2014-04-07 18:45 - 2014-02-23 18:23 - 01545303 _____ () C:\Windows\WindowsUpdate.log 2014-04-07 08:53 - 2013-10-09 23:34 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec5375ce863d0.job 2014-04-07 08:44 - 2014-04-07 08:44 - 00000988 _____ () C:\Users\Public\Desktop\WinZip 
Malware Protector.lnk 2014-04-07 08:44 - 2014-04-07 08:44 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing 2014-04-07 08:44 - 2014-04-07 08:44 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-04-07 08:44 - 2014-04-07 08:44 - 00000000 ____D () C:\Program Files\WinZip Malware Protector 2014-04-07 08:10 - 2006-11-02 14:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-07 08:10 - 2006-11-02 14:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-06 21:01 - 2006-11-02 12:33 - 01790286 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-06 21:00 - 2014-04-01 21:03 - 00000000 ___RD () C:\Users\Admin\Dropbox 2014-04-06 21:00 - 2014-04-01 21:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Dropbox 2014-04-06 20:58 - 2014-04-04 21:23 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job 2014-04-06 20:58 - 2013-08-18 18:25 - 00000398 _____ () C:\Windows\Tasks\Wise Care 365.job 2014-04-06 20:54 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-06 20:53 - 2014-03-31 21:12 - 00000000 ____D () C:\AdwCleaner 2014-04-06 20:53 - 2007-12-18 22:28 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-04-06 20:53 - 2006-11-02 15:01 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-06 20:21 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Help 2014-04-06 20:13 - 2014-04-06 20:12 - 00000000 __HDC () C:\ProgramData\{BA58D0EE-89D1-4191-9F19-B6AD920B04F7} 2014-04-06 20:12 - 2014-04-06 20:12 - 00000916 _____ () C:\Users\Public\Desktop\Netzmanager.lnk 2014-04-06 20:12 - 2013-11-05 20:17 - 00000000 ____D () C:\ProgramData\Netzmanager 2014-04-06 20:12 - 2013-11-05 20:17 - 00000000 ____D () C:\Program Files\Netzmanager 2014-04-06 20:12 - 2013-11-05 20:16 - 00000000 __HDC () C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D} 2014-04-06 
20:11 - 2011-09-08 19:08 - 00000000 ____D () C:\Users\Admin\AppData\Local\Deployment 2014-04-06 20:02 - 2014-04-04 21:23 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2014-04-06 20:02 - 2014-04-04 21:23 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job 2014-04-06 18:00 - 2013-08-18 18:25 - 00000378 _____ () C:\Windows\Tasks\Wise Turbo Checker.job 2014-04-05 22:15 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public 2014-04-05 10:43 - 2014-04-01 18:50 - 00000000 ____D () C:\Program Files\stinger 2014-04-05 09:24 - 2014-04-01 19:57 - 00000110 ___RH () C:\Users\Admin\Desktop\Stinger.opt 2014-04-04 21:31 - 2014-04-04 21:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-04-04 21:22 - 2014-04-04 21:22 - 00001960 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-04-04 21:22 - 2014-04-04 21:22 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-04-03 21:20 - 2012-05-08 23:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-03 20:53 - 2009-06-30 18:40 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-03 17:18 - 2009-07-10 20:04 - 00001052 _____ () C:\Windows\Tasks\Google Software Updater.job 2014-04-03 07:28 - 2013-04-05 21:17 - 00000000 ____D () C:\Program Files\StarMoney 9.0 S-Edition 2014-04-01 21:03 - 2014-04-01 21:03 - 00000988 _____ () C:\Users\Admin\Desktop\Dropbox.lnk 2014-04-01 21:03 - 2014-04-01 21:02 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DropboxMaster 2014-04-01 21:03 - 2007-05-22 09:15 - 00000000 ____D () C:\Users\Admin 2014-04-01 21:02 - 2014-04-01 21:02 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-04-01 21:02 - 2014-04-01 21:02 - 00000000 ____D () C:\Program Files\Dropbox 2014-04-01 20:52 - 2010-12-03 19:38 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-04-01 20:49 - 2014-04-01 20:49 - 00527256 _____ () 
C:\Windows\system32\FNTCACHE.DAT 2014-04-01 18:50 - 2014-04-01 18:49 - 10640232 _____ (McAfee Inc) C:\Users\Admin\Desktop\stinger32.exe 2014-04-01 15:42 - 2014-04-01 15:42 - 00002961 _____ () C:\Users\Admin\Desktop\Mindjet MindManager Basic 6.lnk 2014-04-01 07:44 - 2014-04-01 07:44 - 00163648 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-01 07:42 - 2013-06-30 19:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Wise Disk Cleaner 2014-03-31 21:39 - 2013-06-23 11:15 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Wise Registry Cleaner 2014-03-31 21:34 - 2014-03-31 21:34 - 00013566 _____ () C:\Users\Admin\Desktop\log.xml 2014-03-31 20:48 - 2014-03-31 20:48 - 00001059 _____ () C:\Users\Admin\Desktop\Revo Uninstaller.lnk 2014-03-31 20:48 - 2014-03-31 20:48 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-03-31 20:47 - 2014-03-31 18:57 - 00000000 ____D () C:\Users\Admin\AppData\Local\LogMeIn Rescue Applet 2014-03-31 20:47 - 2014-03-31 18:54 - 00000000 ____D () C:\ProgramData\Fighters 2014-03-31 20:32 - 2014-03-04 19:49 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-03-31 20:10 - 2014-03-31 20:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ChicaLogic 2014-03-31 20:10 - 2014-03-31 20:10 - 00000000 ____D () C:\ProgramData\ChicaLogic 2014-03-31 20:00 - 2009-08-21 18:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype 2014-03-31 19:28 - 2014-03-31 18:58 - 00000000 ____D () C:\ProgramData\clp 2014-03-31 18:58 - 2014-03-31 18:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Fighters 2014-03-31 18:56 - 2014-03-31 18:56 - 00000000 ____D () C:\Program Files\Common Files\Common Toolkit Suite 2014-03-31 18:54 - 2014-03-31 18:54 - 00000000 ____D () C:\ProgramData\Common Toolkit Suite 2014-03-30 19:50 - 2006-11-02 12:23 - 00000379 _____ () C:\Windows\win.ini 2014-03-30 19:35 - 2010-12-05 09:27 - 00000000 ____D () C:\ProgramData\CanonIJ 2014-03-26 08:05 - 2014-03-26 08:05 - 00055224 _____ (StdLib) 
C:\Windows\system32\Drivers\tStLibG.sys 2014-03-23 18:12 - 2013-11-17 13:39 - 00002044 _____ () C:\Users\Admin\Desktop\SEPA Account Converter.lnk 2014-03-23 18:12 - 2013-11-17 13:39 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Finanz 2014-03-23 18:12 - 2013-11-17 13:39 - 00000000 ____D () C:\Program Files\SEPA Account Converter 2014-03-23 18:11 - 2014-03-23 18:11 - 00000000 ____D () C:\Users\Admin\AppData\Local\Downloaded Installations 2014-03-23 17:35 - 2014-03-23 17:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\WiseUpdate 2014-03-18 19:48 - 2013-07-21 16:09 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-18 19:44 - 2006-11-02 12:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-03-16 20:44 - 2013-05-31 17:45 - 00000000 ____D () C:\ProgramData\SketchUp 2014-03-16 20:44 - 2013-05-31 17:45 - 00000000 ____D () C:\Program Files\SketchUp 2014-03-16 13:21 - 2014-03-16 13:21 - 00003120 _____ () C:\Windows\system32\ALLFSAF14a.ocx 2014-03-16 13:20 - 2014-03-16 13:20 - 00002063 _____ () C:\Users\Public\Desktop\Style Builder 2014.lnk 2014-03-16 13:20 - 2014-03-16 13:20 - 00001977 _____ () C:\Users\Public\Desktop\LayOut 2014.lnk 2014-03-16 13:20 - 2014-03-16 13:20 - 00001896 _____ () C:\Users\Public\Desktop\SketchUp 2014.lnk 2014-03-15 23:11 - 2009-04-02 08:32 - 00001965 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-12 21:21 - 2012-05-08 23:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-03-12 21:21 - 2011-06-15 19:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-03-12 20:06 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache 2014-03-12 19:38 - 2008-03-29 17:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-12 07:58 - 2007-05-24 21:41 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-12 07:54 - 2006-11-02 13:18 - 00000000 ____D () 
C:\Windows\system32\de-DE
2014-03-10 19:24 - 2012-11-03 11:43 - 00001849 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-03-10 19:22 - 2014-03-10 19:12 - 138607664 _____ () C:\Users\Admin\Downloads\avira_free_antivirus_de (1).exe

Files to move or delete:
====================
C:\Users\Admin\AppData\Roaming\desktop.ini
C:\Users\Admin\CitrixOnlinePluginWeb.exe
C:\Users\Admin\IKEA_Home_Planner_FY10.exe

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\avgnt.exe
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphps2oe.dll
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-07 09:08

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by Admin at 2014-04-07 18:55:05
Running from C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VOA24NC5
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
ABBYY PDF Transformer 2.0 (HKLM\...\{FA200000-0001-0000-0000-074957833700}) (Version: 2.0.1147.4912 - ABBYY Software Ltd.)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoImpression 6 (HKLM\...\{063E409E-3D7C-4A4A-95AB-2F124B9224B3}) (Version: 6.1.8.135 - ArcSoft) Assistant zum Anpassen des Dell-Systems (HKLM\...\{FD023F61-65E9-465C-B558-7C64EB2B97E6}) (Version: 1.00.0000 - Dell Inc.) ATI Catalyst Control Center Ex (HKLM\...\{F08F36A8-7EEA-DB4D-00D1-2CA68C2DD445}) (Version: 2.0.2488.36465 - Ihr Firmenname) ATI Catalyst Install Manager (HKLM\...\{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}) (Version: 3.0.641.0 - ATI Technologies, Inc.) Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Benutzerhandbuch (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - ) Bing Bar (HKLM\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - ) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - ) Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version: - ) Canon MP550 series Benutzerregistrierung (HKLM\...\Canon MP550 series Benutzerregistrierung) (Version: - ) Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version: - ) Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - ) Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version: - ) Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform) Citrix Online Plug-in (DV) (Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden Citrix Online Plug-in (HDX) (Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden Citrix Online Plug-in (USB) (Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden Citrix Online Plug-in (Web) (Version: 12.1.0.30 - Citrix Systems, Inc.) 
Hidden Corel Graphics Suite 11 (HKLM\...\InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}) (Version: 11 - Corel Corporation) Corel Graphics Suite 11 (Version: 11 - Corel Corporation) Hidden D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.6.0.4 - Dell) Dell System Detect Bootstrapper (HKCU\...\8e3135b376bd523e) (Version: 1.1.0.15 - Dell) Dropbox (HKCU\...\Dropbox) (Version: 2.6.27 - Dropbox, Inc.) Fax-Lösungen (HKLM\...\Dell Fax Solutions) (Version: - Dell, Inc.) Free Video Flip and Rotate version 1.6 (HKLM\...\Free Video Flip and Rotate_is1) (Version: - DVDVideoSoft Limited.) Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google SketchUp 8 (HKLM\...\{4BA6784F-3B10-473A-B9F5-33A36AC354D5}) (Version: 3.0.14358 - Google, Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - ) Google Toolbar for Internet Explorer (Version: 4.0.0.002 - Google Inc.) Hidden Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.) iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.) IncrediMail (HKLM\...\IncrediMail) (Version: 5.8.5.3849 - IncrediMail Ltd.) Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - ) Intel(R) PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - ) Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - ) iPhone-Konfigurationsprogramm (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.) iPod for Windows 2006-06-28 (HKLM\...\InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}) (Version: 4.7.0 - Apple Computer, Inc.) iPod for Windows 2006-06-28 (Version: 4.7.0 - Apple Computer, Inc.) 
Hidden iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden kicker Manager (HKLM\...\{FA71F299-A761-422E-80AE-3748F3ED1BCF}) (Version: - ) Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - ) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) 
(HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Configuration Analyzer Tool 2.0 (HKLM\...\{2488B526-0B60-4DE1-A736-C3B5D64ACDEB}) (Version: 2.0.3 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 (Version: - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{539A0EAA-E1BB-4163-9C1E-6C8BF4A17FA2}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server VSS Writer (HKLM\...\{D074DC76-F6C9-440E-A1D0-1DE958417FDB}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 (x86) (HKLM\...\{A8BD5A60-E843-46DC-8271-ABF20756BE0F}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 (x86) (HKLM\...\{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 SP1 CRT Redistributable (HKLM\...\{CC038D57-788A-4544-BF8F-179E5CF50D2F}) (Version: 1.00.0000 - Buhl Data Service GmbH)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XML Parser und SDK (HKLM\...\{35343FF7-939B-401A-87B3-FF90A5123D88}) (Version: 4.10.9404.0 - Microsoft Corporation)
Mindjet MindManager Basic 6 (HKLM\...\{716EE3B2-3256-453C-91FC-AEDD1CE6B77F}) (Version: 6.2.399 - Mindjet LLC)
MosChip Multi-IO Controller (HKLM\...\MosChip Technology) (Version: - )
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Netzmanager (HKLM\...\Netzmanager) (Version: 1.081 - Deutsche Telekom AG)
Netzmanager (Version: 1.081 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version: - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OLYMPUS CAMEDIA Master 4.1 (HKLM\...\{30BB4D60-81DB-11D5-BB77-00400536ABAC}) (Version: - )
OLYMPUS Master 2 (HKLM\...\{9FA93155-472F-4778-87A8-95244FD1535D}) (Version: 1.0.11 - OLYMPUS IMAGING CORP.)
OVT Scanner X86 (HKLM\...\{6B566EFE-DC1D-471F-93DD-84832663F140}) (Version: 1.00.0000 - OVT)
PC Camera-168 (HKLM\...\{ECD03DA7-5952-406A-8156-5F0C93618D1F}) (Version: 5.18.1209.106 - Sonix)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: - )
PrintFit Visitenkarten-Druckerei (HKLM\...\Visitenkarten-Druckerei_is1) (Version: - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
QuickVerein 2013 V10 (HKLM\...\{70FB667D-C26A-4CEC-8668-D24B92036300}) (Version: 10.0 - Lexware)
RealDownloader (Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Segeln 2007 (HKLM\...\Segeln 2007_is1) (Version: - Contendo Media Ltd.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SEPA Account Converter (HKLM\...\{BE109F11-6E2C-43F4-B105-AC646809915D}) (Version: 1.25.2 - Star Finanz GmbH)
Service Pack 3 für SQL Server 2008 (KB2546951) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
SketchUp 2014 (HKLM\...\{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}) (Version: 14.0.4900 - Trimble Navigation Limited)
Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
StarMoney (Version: 2.0 - StarFinanz) Hidden
StarMoney (Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney (Version: 5.0 - StarFinanz) Hidden
StarMoney 7.0 S-Edition (HKLM\...\{3980E70D-0F4E-4496-A0B4-8A78F0BDEF1B}) (Version: 7.0 - StarFinanz GmbH)
StarMoney 9.0 S-Edition (HKLM\...\{B7A27DA3-BAFD-4B81-BFF6-64ADE37A82C3}) (Version: 9.0 - Star Finanz GmbH)
Sweet Home 3D version 4.1 (HKLM\...\Sweet Home 3D_is1) (Version: - eTeks)
Sync-Plus (HKLM\...\Sync-Plus) (Version: 1.0.0.4 - Deutsche Telekom AG)
SyncToy 2.0 (x86) (HKLM\...\{AFDFC350-C142-4790-BE12-8357AECD028F}) (Version: 2.0.100.0 - Microsoft)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - )
Uninstall OVT Scanner (HKLM\...\OVT Scanner) (Version: - )
Unterstützungsdateien für Microsoft SQL Server 2008-Setup (HKLM\...\{2A231800-A7CF-4223-B8A3-1FD9057BAE96}) (Version: 10.3.5500.0 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
VBA (2701.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
Windows 7 Upgrade Advisor Beta (HKLM\...\{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}) (Version: 2.0.1125.0 - Microsoft Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0) (HKLM\...\E24870CB6AA1C3511635FF9020A3E9471287FBE7) (Version: 01/26/2008 2.6.0.0 - MobileTop)
WinZip Malware Protector (HKLM\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC)
Wise Disk Cleaner 8.03 (HKLM\...\Wise Disk Cleaner_is1) (Version: 8.03 - WiseCleaner.com, Inc.)
Wise Registry Cleaner 7.94 (HKLM\...\Wise Registry Cleaner_is1) (Version: 7.94 - WiseCleaner.com, Inc.)
WISO Mein Geld 2012 Professional (HKLM\...\WISO Mein Geld 2012 Professional) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2012 Professional (Version: 14.0.1.18 - Buhl Data Service GmbH) Hidden
WISO Steuer-Sparbuch 2011 (HKLM\...\{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}) (Version: 18.00.6928 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2012 (HKLM\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.00.7303 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM\...\{58207B7A-46E8-4DFA-B3DE-7EA4A1F1A692}) (Version: 21.00.8480 - Buhl Data Service GmbH)

==================== Restore Points =========================

24-03-2014 17:47:57 Geplanter Prüfpunkt
24-03-2014 21:09:52 Windows-Sicherung
26-03-2014 05:45:47 Windows Update
27-03-2014 15:57:42 Geplanter Prüfpunkt
28-03-2014 06:20:30 Geplanter Prüfpunkt
29-03-2014 09:13:10 Geplanter Prüfpunkt
30-03-2014 07:48:21 Windows Update
31-03-2014 16:55:03 Installed Fighters.
31-03-2014 18:00:15 Windows-Sicherung
31-03-2014 18:57:53 Revo Uninstaller's restore point - Jotzey
01-04-2014 18:40:16 Revo Uninstaller's restore point - buenosearch toolbar
02-04-2014 15:19:55 Geplanter Prüfpunkt
03-04-2014 16:14:05 Geplanter Prüfpunkt
04-04-2014 13:00:59 Geplanter Prüfpunkt
04-04-2014 19:27:40 Windows Update
05-04-2014 08:20:38 Geplanter Prüfpunkt
06-04-2014 15:56:28 Geplanter Prüfpunkt
06-04-2014 18:16:34 Revo Uninstaller's restore point - DDBAC
06-04-2014 18:17:14 DDBAC wird entfernt

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0482066B-E54D-4CBD-AEE2-6A59F6BB3CAF} - System32\Tasks\{8566B205-96AB-4F05-8AF0-086CF6B765E9} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {0AD036C4-1879-4961-BEFE-B5AE765DA1F7} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15] (Nico Mak Computing)
Task: {124C2ABD-4491-4C0F-910A-FFF4E2E10F50} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {151F5F5C-6942-4884-ADA5-5BA22FF5C124} - System32\Tasks\{66D3BFE2-9DDE-4102-A410-C639D65306F8} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1F7CFA07-C790-4BD0-A58B-82E510A72A29} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {20BD77BF-3C98-4F58-9228-28E6F93B6B7A} - System32\Tasks\Wise Turbo Checker => C:\Program Files\Wise\Wise Care 365\WiseTurbo.exe
Task: {21133EF4-87E0-4B54-9019-996FD3817108} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1690639883-1602079938-3287190603-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {2683F8B4-21E8-4CB9-A09C-0FA009ADE909} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
Task: {32BF206A-558D-4446-BAF8-89E72E64110F} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {3515DE1B-33DC-4580-B4C4-5F275A81504F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-02] (Google Inc.)
Task: {35C5B832-A116-4A02-A801-F99877DBC4F9} - System32\Tasks\Microsoft\Windows\RestartManager\{DC0CBD35-4755-453c-B4E5-B2891243C6F8} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {36DAC59F-AC6F-4504-8AD0-9C6DEE521026} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1690639883-1602079938-3287190603-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {431F60EA-5D7A-4B29-8DAD-C1F1E195660F} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {4891337E-0024-42F3-966C-531C1BF91316} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {4D091618-9150-4BD5-99FA-F504E8AE53C0} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {5799EE4E-29B7-4EE7-A243-53E3E7E32C53} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {76934A16-976F-498B-8E30-3F1E36E9E625} - System32\Tasks\GoogleUpdateTaskMachineCore1cec5375ce863d0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-02] (Google Inc.)
Task: {920E4647-01F3-4EE5-9D63-CB4492D53B38} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-02] (Google Inc.)
Task: {9285DEDC-EE50-4037-971E-5079CF6244F4} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {9F0E877B-F62F-4711-985D-2BE8EB50F587} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1690639883-1602079938-3287190603-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {AE9C730F-872D-4112-B8A5-E22AC40654AD} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {B4F3F4BF-5B45-4738-9902-EBEA64FF49DF} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Admin => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {B84069D5-9CBE-4012-919D-61482842EC64} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {BD92F8EF-5154-4AA2-88A0-F1A97205323E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C8F9D847-60FC-492B-A435-AA4FF05249B2} - System32\Tasks\Microsoft\Windows\RestartManager\{0326B6CE-8078-4e19-B70D-597A68259D8B} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {D16D7F7E-2166-44BF-B44B-A95FA91C75FB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {D5B2BB23-86FD-439D-B98F-F8B1D1F69AC3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {DE0D8016-3604-41EF-8DF0-0A665908424D} - System32\Tasks\Wise Care 365 => C:\Program Files\Wise\Wise Care 365\WiseTray.exe
Task: {E1D16F3D-EE4D-4A33-AED8-B10292A044CB} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1690639883-1602079938-3287190603-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec5375ce863d0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\Wise Care 365.job => C:\Program Files\Wise\Wise Care 365\WiseTray.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files\Wise\Wise Care 365\WiseTurbo.exe

==================== Loaded Modules (whitelisted) =============

2007-05-28 00:32 - 2006-10-06 07:06 - 00045056 _____ () C:\Windows\System32\DLPRMON.DLL
2007-05-28 00:32 - 2006-10-06 07:24 - 00016384 _____ () C:\Program Files\Dell PC Fax\DlCtrStr.dll
2007-05-28 00:32 - 2006-10-06 07:04 - 00032768 _____ () C:\Program Files\Dell PC Fax\ipcmt.dll
2012-11-03 11:42 - 2012-09-19 20:17 - 00397088 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-12-03 19:38 - 2009-02-10 17:01 - 00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2010-10-19 09:31 - 2010-10-19 09:31 - 00159744 _____ () C:\Program Files\Netzmanager\NMInfraIS2\driver\SoftplugLib.dll
2006-11-02 20:40 - 2006-11-02 20:40 - 00174656 _____ () C:\Windows\system32\PSIService.exe
2013-04-16 03:07 - 2013-04-16 03:07 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-04-04 21:22 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-04-04 21:22 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-04-04 21:22 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-04-04 21:22 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-04-04 21:22 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-11-11 07:43 - 2009-10-06 15:36 - 00205312 _____ () C:\Program Files\StarMoney 7.0 S-Edition\ouservice\PATCHW32.dll
2014-02-01 16:54 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files\StarMoney 9.0 S-Edition\ouservice\PATCHW32.dll
2007-12-02 15:43 - 2006-10-26 17:21 - 00056056 _____ () C:\Windows\system32\DLAAPI_W.DLL
2009-09-30 18:21 - 2007-07-11 16:09 - 00020480 _____ () C:\Windows\FixCamera.exe
2009-09-30 18:21 - 2007-05-10 13:18 - 00835584 _____ () C:\Windows\vsnpstd3.exe
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2013-12-01 14:59 - 2013-12-19 15:44 - 01427760 _____ () C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe
2013-12-01 14:52 - 2013-12-19 15:45 - 09618736 _____ () C:\Program Files\WISO\Steuersoftware 2014\wgui14.dll
2013-12-01 14:52 - 2013-12-19 15:44 - 00035120 _____ () C:\Program Files\WISO\Steuersoftware 2014\rsdcom48.dll
2013-12-01 14:52 - 2013-12-19 15:44 - 00309040 _____ () C:\Program Files\WISO\Steuersoftware 2014\rscorewinapi48.dll
2013-12-01 14:52 - 2013-12-19 15:44 - 00321840 _____ () C:\Program Files\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2013-12-01 14:52 - 2013-12-19 15:45 - 03698992 _____ () C:\Program Files\WISO\Steuersoftware 2014\wcore14.dll
2013-12-01 14:52 - 2013-12-19 15:44 - 00136496 _____ () C:\Program Files\WISO\Steuersoftware 2014\rsodbc48.dll
2013-12-01 14:52 - 2013-12-19 15:44 - 02573104 _____ () C:\Program Files\WISO\Steuersoftware 2014\wfvie14.dll
2013-12-01 14:52 - 2013-12-19 15:44 - 01886000 _____ () C:\Program Files\WISO\Steuersoftware 2014\wsteu14.dll
2013-12-01 14:52 - 2013-12-19 15:44 - 01905456 _____ () C:\Program Files\WISO\Steuersoftware 2014\wreli14.dll
2013-12-01 14:52 - 2013-12-19 15:44 - 04274992 _____ () C:\Program Files\WISO\Steuersoftware 2014\wauff14.dll
2013-12-01 14:52 - 2013-10-30 18:37 - 01043456 ____N () C:\Program Files\WISO\Steuersoftware 2014\clucene-core.dll
2013-12-01 14:52 - 2013-10-30 18:37 - 00094720 ____N () C:\Program Files\WISO\Steuersoftware 2014\clucene-shared.dll
2013-12-01 14:52 - 2013-10-30 18:37 - 00250368 ____N () C:\Program Files\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2013-12-01 14:52 - 2013-12-19 15:44 - 01468208 _____ () C:\Program Files\WISO\Steuersoftware 2014\wmain14.dll
2013-12-01 14:52 - 2013-12-19 15:45 - 05055792 _____ () C:\Program Files\WISO\Steuersoftware 2014\wbae114.dll
2013-12-01 14:52 - 2013-12-19 15:44 - 01678640 _____ () C:\Program Files\WISO\Steuersoftware 2014\wbae214.dll
2013-12-01 14:52 - 2013-12-19 15:44 - 01804080 _____ () C:\Program Files\WISO\Steuersoftware 2014\wbae314.dll
2013-12-01 14:52 - 2013-12-19 15:44 - 01626416 _____ () C:\Program Files\WISO\Steuersoftware 2014\wbae414.dll
2013-12-01 14:52 - 2013-12-19 15:44 - 01126704 _____ () C:\Program Files\WISO\Steuersoftware 2014\whau114.dll
2013-12-01 14:52 - 2013-12-19 15:45 - 01313072 _____ () C:\Program Files\WISO\Steuersoftware 2014\whau214.dll
2013-12-01 14:52 - 2013-12-19 15:44 - 01281840 _____ () C:\Program Files\WISO\Steuersoftware 2014\wwerb14.dll
2013-12-01 14:52 - 2013-12-19 15:45 - 07274288 _____ () C:\Program Files\WISO\Steuersoftware 2014\wkont14.dll
2013-12-01 14:52 - 2013-12-19 15:44 - 01274672 _____ () C:\Program Files\WISO\Steuersoftware 2014\wimp14.dll
2013-12-01 14:52 - 2013-12-19 15:44 - 01330480 _____ () C:\Program Files\WISO\Steuersoftware 2014\wfabu14.dll
2014-04-06 21:00 - 2014-04-06 21:00 - 00041984 _____ () c:\users\admin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphps2oe.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\libcef.dll
2014-04-07 08:44 - 2013-02-28 16:53 - 00886272 _____ () C:\Program Files\WinZip Malware Protector\System.Data.SQLite.dll
2014-04-07 08:44 - 2013-07-15 16:53 - 01717936 _____ () C:\Program Files\WinZip Malware Protector\aspsys.dll
2014-04-07 08:44 - 2013-02-28 16:53 - 00168448 _____ () C:\Program Files\WinZip Malware Protector\UNRAR.DLL
2009-02-26 14:46 - 2009-02-26 14:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 12:46 - 2011-06-22 12:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: ECenter => c:\dell\E-Center\EULALauncher.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: MMReminderService => C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
MSCONFIG\startupreg: OM2_Monitor => "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
MSCONFIG\startupreg: TkBellExe => "c:\program files\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: tsnpstd3 => C:\Windows\tsnpstd3.exe
MSCONFIG\startupreg: Windows Mobile Device Center => C:\Windows\WindowsMobile\wmdc.exe

==================== Faulty Device Manager Devices =============

Name: isatap.{7B145558-9FC0-4CCF-B3EB-2A8214441AD8}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2014 09:17:04 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4103
Error: (04/07/2014 09:17:04 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4103
Error: (04/07/2014 09:17:04 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/07/2014 09:17:03 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3089
Error: (04/07/2014 09:17:03 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3089
Error: (04/07/2014 09:17:03 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/07/2014 09:17:02 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2075
Error: (04/07/2014 09:17:02 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2075
Error: (04/07/2014 09:17:02 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/07/2014 09:17:01 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1061

System errors:
=============
Error: (04/07/2014 06:45:47 PM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection
Error: (04/06/2014 08:54:57 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT-AUTORITÄT)
Description: 2147942402
Error: (04/06/2014 08:04:55 PM) (Source: Service Control Manager) (User: )
Description: Spybot-S&D 2 Scanner Service%%1053
Error: (04/06/2014 08:04:54 PM) (Source: Service Control Manager) (User: )
Description: 30000Spybot-S&D 2 Scanner Service
Error: (04/06/2014 08:03:40 PM) (Source: Service Control Manager) (User: )
Description: Spybot-S&D 2 Scanner Service%%1053
Error: (04/06/2014 08:03:40 PM) (Source: Service Control Manager) (User: )
Description: 30000Spybot-S&D 2 Scanner Service
Error: (04/06/2014 08:02:15 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT-AUTORITÄT)
Description: 2147942402
Error: (04/06/2014 08:00:09 PM) (Source: Service Control Manager) (User: )
Description: 30000LanmanWorkstation
Error: (04/06/2014 00:24:45 PM) (Source: Service Control Manager) (User: )
Description: 30000Apple Mobile Device
Error: (04/05/2014 10:23:08 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom1.

Microsoft Office Sessions:
=========================
Error: (01/25/2014 01:40:01 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.
Error: (11/29/2013 02:08:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21006 seconds with 60 seconds of active time. This session ended with a crash.
Error: (10/17/2013 11:54:44 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3114 seconds with 1620 seconds of active time. This session ended with a crash.
Error: (01/14/2012 09:34:17 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 36 seconds with 0 seconds of active time. This session ended with a crash.
Error: (08/23/2011 07:24:15 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 29 seconds with 0 seconds of active time. This session ended with a crash.
Error: (07/12/2011 06:54:04 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 812 seconds with 360 seconds of active time. This session ended with a crash.
Error: (04/03/2011 01:00:15 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 465 seconds with 300 seconds of active time. This session ended with a crash.
Error: (01/13/2011 10:03:12 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 9151 seconds with 660 seconds of active time. This session ended with a crash. Error: (09/05/2010 04:12:12 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 366 seconds with 240 seconds of active time. This session ended with a crash. Error: (12/04/2009 07:31:34 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8918 seconds with 360 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-11-22 21:22:52.974 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\verifier.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-20 19:45:57.621 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-20 19:45:57.224 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-28 06:37:33.668 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-03-28 06:37:33.314 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-23 16:42:34.076 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-23 16:42:33.732 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-23 16:42:18.687 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-23 16:42:18.269 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-23 16:36:39.124 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 70% Total physical RAM: 3069.21 MB Available physical RAM: 894.59 MB Total Pagefile: 6368.68 MB Available Pagefile: 3454.61 MB Total Virtual: 2047.88 MB Available Virtual: 1884.11 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:111.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:3.57 GB) NTFS Drive f: (ST2014) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS Drive h: (USB-Festplatte) (Fixed) (Total:232.88 GB) (Free:22.54 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 50000000) Partition 1: (Not Active) - (Size=55 MB) - (Type=DE) Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS) Partition 3: (Active) - (Size=223 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 561C78FD) Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
07.04.2014, 22:41 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer is sending emails Then please run Combofix now: Scan with Combofix
__________________ Please always post log files in CODE tags |
08.04.2014, 20:56 | #5 |
| Computer is sending emails I have now run Combofix as instructed. Here is the result: Code:
ATTFilter ComboFix 14-04-08.01 - Admin 08.04.2014 21:27:03.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.1433 [GMT 2:00] ausgeführt von:: c:\users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VOA24NC5\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\PCDr\6426\AddOnDownloaded\9a23b885-84bf-4844-bc8c-e1f4c568d95a.dll c:\programdata\PCDr\6426\AddOnDownloaded\9a4d2a9e-ce47-421d-bbd6-98fd72255fed.dll c:\programdata\PCDr\6426\AddOnDownloaded\b1cd2350-1a70-4fd2-9b75-98208aace99a.dll c:\programdata\SPL3902.tmp c:\programdata\SPLB462.tmp c:\windows\IsUn0407.exe c:\windows\system32\tmpCCD1.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2014-03-08 bis 2014-04-08 )))))))))))))))))))))))))))))) . . 2014-04-08 19:37 . 2014-04-08 19:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-04-08 12:36 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{88144093-972F-4CA9-A33B-12E3F171233B}\mpengine.dll 2014-04-07 16:54 . 2014-04-07 17:00 -------- d-----w- C:\FRST 2014-04-07 06:44 . 2014-04-07 06:44 -------- d-----w- c:\users\Admin\AppData\Roaming\Nico Mak Computing 2014-04-07 06:44 . 2014-04-07 06:44 -------- d-----w- c:\programdata\Nico Mak Computing 2014-04-07 06:44 . 2014-04-07 06:44 -------- d-----w- c:\program files\WinZip Malware Protector 2014-04-07 06:44 . 2013-03-15 15:01 16384 ----a-w- c:\windows\system32\wsusnative32.exe 2014-04-06 18:12 . 2014-04-06 18:13 -------- dc-h--w- c:\programdata\{BA58D0EE-89D1-4191-9F19-B6AD920B04F7} 2014-04-04 19:22 . 
2013-09-20 08:49 18968 ----a-w- c:\windows\system32\sdnclean.exe 2014-04-04 19:22 . 2014-04-08 19:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2014-04-04 19:22 . 2014-04-04 19:22 -------- d-----w- c:\program files\Spybot - Search & Destroy 2 2014-04-01 19:03 . 2014-04-08 05:22 -------- d-----r- c:\users\Admin\Dropbox 2014-04-01 19:02 . 2014-04-01 19:02 -------- d-----w- c:\program files\Dropbox 2014-04-01 19:01 . 2014-04-08 05:22 -------- d-----w- c:\users\Admin\AppData\Roaming\Dropbox 2014-04-01 16:50 . 2014-04-05 08:43 -------- d-----w- c:\program files\stinger 2014-03-31 19:12 . 2014-04-06 18:53 -------- d-----w- C:\AdwCleaner 2014-03-31 18:48 . 2014-03-31 18:48 -------- d-----w- c:\program files\VS Revo Group 2014-03-31 18:10 . 2014-03-31 18:10 -------- d-----w- c:\users\Admin\AppData\Roaming\ChicaLogic 2014-03-31 18:10 . 2014-03-31 18:10 -------- d-----w- c:\programdata\ChicaLogic 2014-03-31 16:58 . 2014-03-31 17:28 -------- d-----w- c:\programdata\clp 2014-03-31 16:57 . 2014-03-31 16:58 -------- d-----w- c:\users\Admin\AppData\Roaming\Fighters 2014-03-31 16:57 . 2014-03-31 18:47 -------- d-----w- c:\users\Admin\AppData\Local\LogMeIn Rescue Applet 2014-03-31 16:56 . 2014-03-31 16:56 -------- d-----w- c:\program files\Common Files\Common Toolkit Suite 2014-03-31 16:54 . 2014-03-31 16:54 -------- d-----w- c:\programdata\Common Toolkit Suite 2014-03-31 16:54 . 2014-03-31 18:47 -------- d-----w- c:\programdata\Fighters 2014-03-26 06:05 . 2014-03-26 06:05 55224 ----a-w- c:\windows\system32\drivers\tStLibG.sys 2014-03-23 16:12 . 2014-03-23 16:12 45056 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{BE109F11-6E2C-43F4-B105-AC646809915D}\NewShortcut2_7024F073510147169F4B28E8B73F2DCF.exe 2014-03-23 16:12 . 2014-03-23 16:12 45056 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{BE109F11-6E2C-43F4-B105-AC646809915D}\NewShortcut1_9B3D64ED28EC4E27B62740E65B802B3A.exe 2014-03-23 16:12 . 
2014-03-23 16:12 45056 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{BE109F11-6E2C-43F4-B105-AC646809915D}\ARPPRODUCTICON.exe 2014-03-23 16:11 . 2014-03-23 16:11 -------- d-----w- c:\users\Admin\AppData\Local\Downloaded Installations 2014-03-23 15:34 . 2014-03-23 15:35 -------- d-----w- c:\users\Admin\AppData\Roaming\WiseUpdate 2014-03-12 05:38 . 2014-02-07 10:38 2050560 ----a-w- c:\windows\system32\win32k.sys 2014-03-12 05:38 . 2014-02-03 10:37 505344 ----a-w- c:\windows\system32\qedit.dll 2014-03-12 05:38 . 2014-01-30 07:46 876032 ----a-w- c:\windows\system32\wer.dll 2014-03-12 05:38 . 2013-11-13 00:30 2048 ----a-w- c:\windows\system32\tzres.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-12 19:21 . 2012-05-08 21:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-03-12 19:21 . 2011-06-15 17:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-02-04 06:33 . 2014-02-04 06:42 626688 ----a-w- c:\windows\system32\msvcr80.dll 2014-01-17 15:24 . 2014-01-17 15:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2014-01-17 15:24 . 2014-01-17 15:24 69632 ----a-w- c:\windows\system32\QuickTime.qts . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472] "iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-10-31 59720] "DellSystemDetect"="c:\users\Admin\AppData\Local\Apps\2.0\GH3DTNQ5.DB9\7RW983T5.A4G\dell..tion_0f612f649c4a10af_0005.0006_f9e15713f5aac8ac\DellSystemDetect.exe" [2014-04-06 258160] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184] "FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200] "FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480] "snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392] "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784] . c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-3-26 32667896] Netzmanager.lnk - c:\program files\Netzmanager\netzmanager.exe /Autostart [2014-1-24 14140416] OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] Sync-Plus.lnk - c:\program files\Telekom\Sync-Plus\Start.exe /Autostart [2013-11-6 1370256] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ WISO Mein Steuer-Sparbuch heute.lnk - c:\program files\WISO\Steuersoftware 2014\mshaktuell.exe [2013-12-1 1427760] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter] 2010-10-12 16:24 304568 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter] 2006-11-17 21:13 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService] 2006-12-13 23:16 31232 ----a-r- c:\program files\Mindjet\MindManager 6\MmReminderService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor] 2009-11-25 19:42 54672 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2013-06-20 17:57 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3] 2009-04-24 09:21 360448 ----a-w- c:\windows\tsnpstd3.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center] 2007-05-31 08:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . 
--- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - TELEKOMNM3 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-03-15 21:05 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 19:21] . 2014-04-06 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job - c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-04-04 08:57] . 2014-04-03 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-10 15:56] . 2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cec5375ce863d0.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 06:32] . 2014-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 06:32] . 2014-04-06 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-04-04 08:49] . 2014-04-06 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job - c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2014-04-04 08:51] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 Trusted Zone: cltnet.de Trusted Zone: dell.com Trusted Zone: neues-lernen.de\www.ba-lms TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Notify-SDWinLogon - SDWinLogon.dll SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-OVT Scanner - c:\windows\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2014-04-08 21:38 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . . c:\windows\TEMP\TMP00000056E5B25BCBAC440263 524288 bytes . Scan erfolgreich abgeschlossen versteckte Dateien: 1 . ************************************************************************** . Zeit der Fertigstellung: 2014-04-08 21:40:02 ComboFix-quarantined-files.txt 2014-04-08 19:40 . Vor Suchlauf: 30 Verzeichnis(se), 118.995.128.320 Bytes frei Nach Suchlauf: 34 Verzeichnis(se), 118.969.389.056 Bytes frei . - - End Of File - - 219AB0F566215EFA5B893473008F6E02 5C616939100B85E558DA92B899A0FC36 |
08.04.2014, 23:07 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer is sending emails Remove adware/junkware/toolbars Step 1: AdwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please shut down your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ --> Computer is sending emails |
09.04.2014, 18:06 | #7 |
| Computer is sending emails Here are the requested results from the three steps. Step 1, AdwCleaner, AdwCleaner[S2].txt: Code:
ATTFilter # AdwCleaner v3.023 - Bericht erstellt am 09/04/2014 um 18:27:50 # Aktualisiert 01/04/2014 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzername : Admin - DELL-DIM-E520 # Gestartet von : C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FGXODH1P\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gelöscht : C:\Windows\system32\roboot.exe ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16540 -\\ Mozilla Firefox v [ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44d23gv6.default\prefs.js ] -\\ Google Chrome v33.0.1750.154 [ Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [20912 octets] - [03/04/2014 20:22:23] AdwCleaner[R1].txt - [1656 octets] - [06/04/2014 20:40:19] AdwCleaner[R2].txt - [1296 octets] - [09/04/2014 18:25:48] AdwCleaner[S0].txt - [20807 octets] - [03/04/2014 21:26:16] AdwCleaner[S1].txt - [1723 octets] - [06/04/2014 20:53:13] AdwCleaner[S2].txt - [1217 octets] - [09/04/2014 18:27:50] ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1277 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows Vista (TM) Home Premium x86 Ran by Admin on 09.04.2014 at 18:40:02,10 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1690639883-1602079938-3287190603-1000\Software\sweetim Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9DCECDAF-EC28-4DA6-BBB7-36722F047A47} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\fighters" Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\fighters" Successfully deleted: [Folder] "C:\Program Files\delicious add-on for internet explorer" Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{027C9E4F-E1C1-4A81-9766-9F49BD2F34BF} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{0A3FFD3C-D0E6-4F68-890A-4895FB11496D} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{0B27CE08-A9CA-4ADF-ACC6-216D73BE2901} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{0CC07A29-CBD3-45C1-839C-3A39C072DFA4} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{199814B8-9A93-4981-859A-FC7B7BA5FAB0} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{1AD3FB1D-D54E-4FD5-A7B0-0733D684E4A8} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{23C8A19A-BE53-4C20-9059-8803D5A598B4} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{2635CD58-ABB0-4190-B95B-CE605DF2D2F9} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{297585C4-7731-4A83-AB76-78B482BBD548} 
Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{2DC65FA9-D744-41B2-AD46-1BF403D9B6DC} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{2E10DD96-DE7A-411A-9495-30FBB0B51E2D} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{304D748E-B617-4ECF-A823-984FD1D6A1F6} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{3311E03B-CFDF-4072-9D6F-EAE9D1D4B449} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{34A6A7F1-DA0E-4C3F-B711-9E515D92035B} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{39BED970-C7FB-4026-BAB5-9EB45B1143DA} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{4080DFB4-9263-42B4-B430-C03D81723D6A} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{43E5020F-811F-4AC4-8115-9BF849D0AA1B} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{4F89DA39-0AA3-45C0-AE7C-EEA6821693F3} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{520C3A6C-C4E3-4078-AB5B-B6EC8B93129A} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{55A28247-0AF1-4E4B-85C6-203E2FE15DD2} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{59CDBDA4-A5EF-417E-ABE4-D63F9EA14676} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{5A9B26F2-E7C0-4F44-8180-B59088991801} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{5DEA1EC4-FE54-4D1E-B110-A1DE6829FE3E} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{64C65982-AE49-4C2E-82CF-13B5599F9822} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{65246CAB-A556-44C7-A7BF-767E39A3EB4D} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{680F4ED6-506E-4E09-ACC4-0F5C636573D0} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{742732B4-543C-4C0F-83C4-562EA4E42543} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{7838AD73-EE11-4FFD-8114-BAFB5EE93F5C} 
Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{7A968539-CF80-45E7-907D-6BE4961001D8} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{8C5DB1A7-EFC0-430C-ABDD-AAD4D2169194} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{906CC141-F789-470C-AFD0-2B36307DC458} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{A8DEDB03-2457-44CD-A078-7377F22F0C60} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{B2CFEB4A-00D7-413C-8F44-D65FC4FC80E2} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{BA351A13-0E6A-45E9-9D78-0D26F86A6162} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{BA856442-48F3-4D32-A9BB-7871B60A97E6} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{C9D487F9-68EB-4291-B830-87790BB1688C} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{CE18DE1E-FA17-4825-8047-CC11F03EAAA1} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{D4AC83FF-7E94-4045-950D-B7639BEF8513} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{E102ECB8-0063-4A58-A6C6-A3A16F885FE8} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{E394E891-6770-43BE-AF60-833347C4F0D9} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{F4895D8A-39EC-47EE-A947-C2A9E8B2540C} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{F5026515-A4C2-4918-8255-8D1DCE8E6001} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{F65FD618-43B0-40E7-B34C-A2EE92D4E339} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{F7BEA129-571E-4CD3-B15C-DDD4390962F2} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{F8D3D78F-1F6D-4CA0-8649-24112DB5CE67} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{FB8DD95E-5518-4B7C-992E-9D71B9DD6AE4} Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{FCD58EFC-771C-4A5C-AC9A-00C31FDF6C2E} ~~~ 
Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 09.04.2014 at 18:43:13,36 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 (ATTENTION: ====> FRST version is 27 days old and could be outdated) Ran by Admin (administrator) on DELL-DIM-E520 on 09-04-2014 18:53:53 Running from C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FGXODH1P Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe () C:\Windows\system32\PSIService.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe () C:\Windows\FixCamera.exe () C:\Windows\vsnpstd3.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (SigmaTel, Inc.) 
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Dell) C:\Users\Admin\AppData\Local\Apps\2.0\GH3DTNQ5.DB9\7RW983T5.A4G\dell..tion_0f612f649c4a10af_0005.0006_f9e15713f5aac8ac\DellSystemDetect.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe () C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe (Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (SigmaTel, Inc.) C:\Windows\system32\STacSV.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\system32\UI0Detect.exe (Deutsche Telekom AG) C:\Program Files\Telekom\Sync-Plus\Sync-PlusTool.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\system32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [151552 2006-09-29] (Intel Corporation) HKLM\...\Run: [ATICCC] - C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [90112 2006-07-11] () HKLM\...\Run: [RoxWatchTray] - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [221184 2006-11-05] (Sonic Solutions) HKLM\...\Run: [FaxCenterServer] - C:\Program Files\Dell PC Fax\fm3032.exe [312200 2006-11-03] () HKLM\...\Run: [FixCamera] - C:\Windows\FixCamera.exe [20480 2007-07-11] () HKLM\...\Run: [snpstd3] - C:\Windows\vsnpstd3.exe [835584 2007-05-10] () HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-07-27] (CANON INC.) HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-05-06] (SigmaTel, Inc.) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) 
HKU\S-1-5-21-1690639883-1602079938-3287190603-1000\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1690639883-1602079938-3287190603-1000\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-1690639883-1602079938-3287190603-1000\...\Run: [DellSystemDetect] - C:\Users\Admin\AppData\Local\Apps\2.0\GH3DTNQ5.DB9\7RW983T5.A4G\dell..tion_0f612f649c4a10af_0005.0006_f9e15713f5aac8ac\DellSystemDetect.exe [258160 2014-04-06] (Dell)
HKU\S-1-5-21-1690639883-1602079938-3287190603-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1690639883-1602079938-3287190603-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sync-Plus.lnk
ShortcutTarget: Sync-Plus.lnk -> C:\Program Files\Telekom\Sync-Plus\Start.exe (Deutsche Telekom AG)

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {565515EB-44B6-7C1D-1738-38655AB28CA5} URL = hxxp://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKCU - {565515EB-44B6-7C1D-1738-38655AB28CA5} URL =
SearchScopes: HKCU - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: No Name - {78875F5C-A685-4405-8DC5-D48DC65452B0} - No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH)
BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH)
Toolbar: HKCU - No Name - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.euro.dell.com/systemprofiler/SysProExe.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44d23gv6.default
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44d23gv6.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-06-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-20]
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome:
=======
CHR HomePage: hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=4AE60019D1636D6C&affID=128492&tt=300314_16&tsp=5204
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-26]
CHR Extension: (Google-Suche) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-26]
CHR Extension: (RealDownloader) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-01-06]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-19]
CHR Extension: (Google Mail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-26]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 gupdate1c9b35cc6bdf230; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-04-02] (Google Inc.)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 MSSQL$SERVEREXP2008; c:\Program Files\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe [43028328 2011-09-22] (Microsoft Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG)
U2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 SQLAgent$SERVEREXP2008; c:\Program Files\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\SQLAGENT.EXE [370024 2011-09-22] (Microsoft Corporation)
R2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-05-06] (SigmaTel, Inc.)
S2 StarMoney 7.0 OnlineUpdate; C:\Program Files\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 APL531; C:\Windows\System32\Drivers\ov550i.sys [580992 2012-01-05] (Omnivision Technologies, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-05-11] ()
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [24216 2010-03-10] (Initio Corporation)
S3 KMWDFilter; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [23944 2007-04-29] (Windows (R) Codename Longhorn DDK provider)
R3 mf; C:\Windows\System32\DRIVERS\mf.sys [109056 2008-01-18] (Microsoft Corporation)
R3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [81408 2006-12-19] (Windows (R) Codename Longhorn DDK provider)
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10498688 2009-06-22] (Sonix Co. Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-05-06] (SigmaTel, Inc.)
R3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R1 tStLibG; C:\Windows\System32\drivers\tStLibG.sys [55224 2014-03-26] (StdLib)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]
S2 DETEWECP; \SystemRoot\System32\drivers\detewecp.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 ulisa; System32\Drivers\ulisa.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-09 18:43 - 2014-04-09 18:43 - 00006321 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-04-09 18:39 - 2014-04-09 18:39 - 00000000 ____D () C:\Windows\ERUNT
2014-04-09 18:38 - 2014-04-09 18:38 - 01016261 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2014-04-09 18:31 - 2014-04-09 18:31 - 00001357 _____ () C:\Users\Admin\Desktop\AdwCleaner[S2].txt
2014-04-08 21:59 - 2014-04-08 21:59 - 00000546 _____ () C:\Windows\PFRO.log
2014-04-08 21:50 - 2014-04-08 21:50 - 00014136 _____ () C:\Users\Admin\Desktop\combofix.txt
2014-04-08 21:40 - 2014-04-08 21:40 - 00014136 _____ () C:\ComboFix.txt
2014-04-08 21:23 - 2014-04-08 21:40 - 00000000 ____D () C:\ComboFix
2014-04-08 21:23 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-08 21:23 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-08 21:23 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-08 21:23 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-08 21:23 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-08 21:23 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-08 21:23 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-08 21:23 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-08 21:09 - 2014-04-08 21:40 - 00000000 ____D () C:\Qoobox
2014-04-08 21:08 - 2014-04-08 21:38 - 00000000 ____D () C:\Windows\erdnt
2014-04-07 18:54 - 2014-04-09 18:53 - 00000000 ____D () C:\FRST
2014-04-07 08:44 - 2014-04-07 08:44 - 00000988 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-04-07 08:44 - 2014-04-07 08:44 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing
2014-04-07 08:44 - 2014-04-07 08:44 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-04-07 08:44 - 2014-04-07 08:44 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-04-07 08:44 - 2013-03-15 17:01 - 00016384 _____ () C:\Windows\system32\wsusnative32.exe
2014-04-06 20:12 - 2014-04-06 20:13 - 00000000 __HDC () C:\ProgramData\{BA58D0EE-89D1-4191-9F19-B6AD920B04F7}
2014-04-06 20:12 - 2014-04-06 20:12 - 00000916 _____ () C:\Users\Public\Desktop\Netzmanager.lnk
2014-04-04 21:23 - 2014-04-09 18:33 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-04-04 21:23 - 2014-04-06 20:02 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-04-04 21:23 - 2014-04-06 20:02 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-04-04 21:22 - 2014-04-08 21:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-04 21:22 - 2014-04-04 21:22 - 00001960 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-04 21:22 - 2014-04-04 21:22 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-04-04 21:22 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-04-01 21:03 - 2014-04-09 18:32 - 00000000 ___RD () C:\Users\Admin\Dropbox
2014-04-01 21:03 - 2014-04-01 21:03 - 00000988 _____ () C:\Users\Admin\Desktop\Dropbox.lnk
2014-04-01 21:02 - 2014-04-01 21:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DropboxMaster
2014-04-01 21:02 - 2014-04-01 21:02 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-01 21:02 - 2014-04-01 21:02 - 00000000 ____D () C:\Program Files\Dropbox
2014-04-01 21:01 - 2014-04-09 18:32 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Dropbox
2014-04-01 20:49 - 2014-04-01 20:49 - 00527256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-01 19:57 - 2014-04-05 09:24 - 00000110 ___RH () C:\Users\Admin\Desktop\Stinger.opt
2014-04-01 18:50 - 2014-04-05 10:43 - 00000000 ____D () C:\Program Files\stinger
2014-04-01 18:49 - 2014-04-01 18:50 - 10640232 _____ (McAfee Inc) C:\Users\Admin\Desktop\stinger32.exe
2014-04-01 15:42 - 2014-04-01 15:42 - 00002961 _____ () C:\Users\Admin\Desktop\Mindjet MindManager Basic 6.lnk
2014-04-01 07:44 - 2014-04-01 07:44 - 00163648 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-31 21:12 - 2014-04-09 18:27 - 00000000 ____D () C:\AdwCleaner
2014-03-31 20:48 - 2014-03-31 20:48 - 00001059 _____ () C:\Users\Admin\Desktop\Revo Uninstaller.lnk
2014-03-31 20:48 - 2014-03-31 20:48 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-03-31 20:10 - 2014-03-31 20:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ChicaLogic
2014-03-31 20:10 - 2014-03-31 20:10 - 00000000 ____D () C:\ProgramData\ChicaLogic
2014-03-31 18:58 - 2014-03-31 19:28 - 00000000 ____D () C:\ProgramData\clp
2014-03-31 18:57 - 2014-03-31 20:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\LogMeIn Rescue Applet
2014-03-31 18:56 - 2014-03-31 18:56 - 00000000 ____D () C:\Program Files\Common Files\Common Toolkit Suite
2014-03-31 18:54 - 2014-03-31 18:54 - 00000000 ____D () C:\ProgramData\Common Toolkit Suite
2014-03-26 08:05 - 2014-03-26 08:05 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\tStLibG.sys
2014-03-23 18:11 - 2014-03-23 18:11 - 00000000 ____D () C:\Users\Admin\AppData\Local\Downloaded Installations
2014-03-23 17:34 - 2014-03-23 17:35 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\WiseUpdate
2014-03-16 13:21 - 2014-03-16 13:21 - 00003120 _____ () C:\Windows\system32\ALLFSAF14a.ocx
2014-03-16 13:20 - 2014-03-16 13:20 - 00002063 _____ () C:\Users\Public\Desktop\Style Builder 2014.lnk
2014-03-16 13:20 - 2014-03-16 13:20 - 00001977 _____ () C:\Users\Public\Desktop\LayOut 2014.lnk
2014-03-16 13:20 - 2014-03-16 13:20 - 00001896 _____ () C:\Users\Public\Desktop\SketchUp 2014.lnk
2014-03-12 07:56 - 2014-02-23 07:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 07:56 - 2014-02-23 07:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 07:56 - 2014-02-23 07:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 07:56 - 2014-02-23 07:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 07:56 - 2014-02-23 07:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 07:56 - 2014-02-23 07:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 07:56 - 2014-02-23 07:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-12 07:56 - 2014-02-23 07:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 07:56 - 2014-02-23 07:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 07:56 - 2014-02-23 07:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 07:56 - 2014-02-23 07:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-12 07:56 - 2014-02-23 07:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 07:56 - 2014-02-23 07:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-12 07:56 - 2014-02-23 07:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 07:56 - 2014-02-23 07:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-12 07:56 - 2014-02-23 07:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 07:38 - 2014-02-07 12:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 07:38 - 2014-02-03 12:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 07:38 - 2014-01-30 09:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 07:38 - 2013-11-13 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-10 19:12 - 2014-03-10 19:22 - 138607664 _____ () C:\Users\Admin\Downloads\avira_free_antivirus_de (1).exe

==================== One Month Modified Files and Folders =======

2014-04-09 18:53 - 2014-04-07 18:54 - 00000000 ____D () C:\FRST
2014-04-09 18:43 - 2014-04-09 18:43 - 00006321 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-04-09 18:39 - 2014-04-09 18:39 - 00000000 ____D () C:\Windows\ERUNT
2014-04-09 18:38 - 2014-04-09 18:38 - 01016261 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2014-04-09 18:37 - 2006-11-02 12:33 - 01790286 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-09 18:36 - 2014-02-23 18:23 - 01647592 _____ () C:\Windows\WindowsUpdate.log
2014-04-09 18:33 - 2014-04-04 21:23 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-04-09 18:32 - 2014-04-01 21:03 - 00000000 ___RD () C:\Users\Admin\Dropbox
2014-04-09 18:32 - 2014-04-01 21:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Dropbox
2014-04-09 18:31 - 2014-04-09 18:31 - 00001357 _____ () C:\Users\Admin\Desktop\AdwCleaner[S2].txt
2014-04-09 18:29 - 2013-10-09 23:34 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec5375ce863d0.job
2014-04-09 18:29 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-09 18:29 - 2006-11-02 14:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-09 18:29 - 2006-11-02 14:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-09 18:28 - 2007-12-18 22:28 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-04-09 18:28 - 2006-11-02 15:01 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-09 18:27 - 2014-03-31 21:12 - 00000000 ____D () C:\AdwCleaner
2014-04-09 18:24 - 2012-12-02 20:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\3B218449-4347-465D-89AA-CA0941C55E5A.aplzod
2014-04-08 21:59 - 2014-04-08 21:59 - 00000546 _____ () C:\Windows\PFRO.log
2014-04-08 21:50 - 2014-04-08 21:50 - 00014136 _____ () C:\Users\Admin\Desktop\combofix.txt
2014-04-08 21:40 - 2014-04-08 21:40 - 00014136 _____ () C:\ComboFix.txt
2014-04-08 21:40 - 2014-04-08 21:23 - 00000000 ____D () C:\ComboFix
2014-04-08 21:40 - 2014-04-08 21:09 - 00000000 ____D () C:\Qoobox
2014-04-08 21:40 - 2008-03-31 18:14 - 00000000 ____D () C:\Users\Admin\AppData\Local\Apps\2.0
2014-04-08 21:40 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-04-08 21:40 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-04-08 21:38 - 2014-04-08 21:08 - 00000000 ____D () C:\Windows\erdnt
2014-04-08 21:38 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-04-08 21:17 - 2014-04-04 21:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-08 06:32 - 2013-04-05 21:17 - 00000000 ____D () C:\Program Files\StarMoney 9.0 S-Edition
2014-04-07 08:44 - 2014-04-07 08:44 - 00000988 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-04-07 08:44 - 2014-04-07 08:44 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing
2014-04-07 08:44 - 2014-04-07 08:44 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-04-07 08:44 - 2014-04-07 08:44 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-04-06 20:21 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Help
2014-04-06 20:13 - 2014-04-06 20:12 - 00000000 __HDC () C:\ProgramData\{BA58D0EE-89D1-4191-9F19-B6AD920B04F7}
2014-04-06 20:12 - 2014-04-06 20:12 - 00000916 _____ () C:\Users\Public\Desktop\Netzmanager.lnk
2014-04-06 20:12 - 2013-11-05 20:17 - 00000000 ____D () C:\ProgramData\Netzmanager
2014-04-06 20:12 - 2013-11-05 20:17 - 00000000 ____D () C:\Program Files\Netzmanager
2014-04-06 20:12 - 2013-11-05 20:16 - 00000000 __HDC () C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
2014-04-06 20:11 - 2011-09-08 19:08 - 00000000 ____D () C:\Users\Admin\AppData\Local\Deployment
2014-04-06 20:02 - 2014-04-04 21:23 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-04-06 20:02 - 2014-04-04 21:23 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-04-05 10:43 - 2014-04-01 18:50 - 00000000 ____D () C:\Program Files\stinger
2014-04-05 09:24 - 2014-04-01 19:57 - 00000110 ___RH () C:\Users\Admin\Desktop\Stinger.opt
2014-04-04 21:22 - 2014-04-04 21:22 - 00001960 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-04 21:22 - 2014-04-04 21:22 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-04-03 21:20 - 2012-05-08 23:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-03 20:53 - 2009-06-30 18:40 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-03 17:18 - 2009-07-10 20:04 - 00001052 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-04-01 21:03 - 2014-04-01 21:03 - 00000988 _____ () C:\Users\Admin\Desktop\Dropbox.lnk
2014-04-01 21:03 - 2014-04-01 21:02 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DropboxMaster
2014-04-01 21:03 - 2007-05-22 09:15 - 00000000 ____D () C:\Users\Admin
2014-04-01 21:02 - 2014-04-01 21:02 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-01 21:02 - 2014-04-01 21:02 - 00000000 ____D () C:\Program Files\Dropbox
2014-04-01 20:52 - 2010-12-03 19:38 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-04-01 20:49 - 2014-04-01 20:49 - 00527256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-01 18:50 - 2014-04-01 18:49 - 10640232 _____ (McAfee Inc) C:\Users\Admin\Desktop\stinger32.exe
2014-04-01 15:42 - 2014-04-01 15:42 - 00002961 _____ () C:\Users\Admin\Desktop\Mindjet MindManager Basic 6.lnk
2014-04-01 07:44 - 2014-04-01 07:44 - 00163648 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-01 07:42 - 2013-06-30 19:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Wise Disk Cleaner
2014-03-31 21:39 - 2013-06-23 11:15 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Wise Registry Cleaner
2014-03-31 20:48 - 2014-03-31 20:48 - 00001059 _____ () C:\Users\Admin\Desktop\Revo Uninstaller.lnk
2014-03-31 20:48 - 2014-03-31 20:48 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-03-31 20:47 - 2014-03-31 18:57 - 00000000 ____D () C:\Users\Admin\AppData\Local\LogMeIn Rescue Applet
2014-03-31 20:32 - 2014-03-04 19:49 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-03-31 20:10 - 2014-03-31 20:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ChicaLogic
2014-03-31 20:10 - 2014-03-31 20:10 - 00000000 ____D () C:\ProgramData\ChicaLogic
2014-03-31 20:00 - 2009-08-21 18:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2014-03-31 19:28 - 2014-03-31 18:58 - 00000000 ____D () C:\ProgramData\clp
2014-03-31 18:56 - 2014-03-31 18:56 - 00000000 ____D () C:\Program Files\Common Files\Common Toolkit Suite
2014-03-31 18:54 - 2014-03-31 18:54 - 00000000 ____D () C:\ProgramData\Common Toolkit Suite
2014-03-30 19:50 - 2006-11-02 12:23 - 00000379 _____ () C:\Windows\win.ini
2014-03-30 19:35 - 2010-12-05 09:27 - 00000000 ____D () C:\ProgramData\CanonIJ
2014-03-26 08:05 - 2014-03-26 08:05 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\tStLibG.sys
2014-03-23 18:12 - 2013-11-17 13:39 - 00002044 _____ () C:\Users\Admin\Desktop\SEPA Account Converter.lnk
2014-03-23 18:12 - 2013-11-17 13:39 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Finanz
2014-03-23 18:12 - 2013-11-17 13:39 - 00000000 ____D () C:\Program Files\SEPA Account Converter
2014-03-23 18:11 - 2014-03-23 18:11 - 00000000 ____D () C:\Users\Admin\AppData\Local\Downloaded Installations
2014-03-23 17:35 - 2014-03-23 17:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\WiseUpdate
2014-03-18 19:48 - 2013-07-21 16:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 19:44 - 2006-11-02 12:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-16 20:44 - 2013-05-31 17:45 - 00000000 ____D () C:\ProgramData\SketchUp
2014-03-16 20:44 - 2013-05-31 17:45 - 00000000 ____D () C:\Program Files\SketchUp
2014-03-16 13:21 - 2014-03-16 13:21 - 00003120 _____ () C:\Windows\system32\ALLFSAF14a.ocx
2014-03-16 13:20 - 2014-03-16 13:20 - 00002063 _____ () C:\Users\Public\Desktop\Style Builder 2014.lnk
2014-03-16 13:20 - 2014-03-16 13:20 - 00001977 _____ () C:\Users\Public\Desktop\LayOut 2014.lnk
2014-03-16 13:20 - 2014-03-16 13:20 - 00001896 _____ () C:\Users\Public\Desktop\SketchUp 2014.lnk
2014-03-15 23:11 - 2009-04-02 08:32 - 00001965 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-12 21:21 - 2012-05-08 23:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-12 21:21 - 2011-06-15 19:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 20:06 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-03-12 19:38 - 2008-03-29 17:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 07:58 - 2007-05-24 21:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 07:54 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-03-10 19:24 - 2012-11-03 11:43 - 00001849 _____ () 
C:\Users\Public\Desktop\Avira Control Center.lnk
2014-03-10 19:22 - 2014-03-10 19:12 - 138607664 _____ () C:\Users\Admin\Downloads\avira_free_antivirus_de (1).exe

Files to move or delete:
====================
C:\Users\Admin\AppData\Roaming\desktop.ini
C:\Users\Admin\CitrixOnlinePluginWeb.exe
C:\Users\Admin\IKEA_Home_Planner_FY10.exe

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\avgnt.exe
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwy9eaj.dll
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 18:38

==================== End Of Log ============================

I should also note that I only changed my Outlook password today. Hope my problem is slowly resolving itself. |
09.04.2014, 22:20 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer sends emails Please also create a new Addition log: tick the box for addition.txt, then click Scan.
__________________ Please always post log files in CODE tags |
10.04.2014, 19:25 | #9 |
| Computer sends emails So, here are both files from this evening again: FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 (ATTENTION: ====> FRST version is 28 days old and could be outdated) Ran by Admin (administrator) on DELL-DIM-E520 on 10-04-2014 20:13:14 Running from C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FGXODH1P Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe () C:\Windows\system32\PSIService.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (SigmaTel, Inc.) C:\Windows\system32\STacSV.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe () C:\Windows\FixCamera.exe () C:\Windows\vsnpstd3.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Dell) C:\Users\Admin\AppData\Local\Apps\2.0\GH3DTNQ5.DB9\7RW983T5.A4G\dell..tion_0f612f649c4a10af_0005.0006_f9e15713f5aac8ac\DellSystemDetect.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe () C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Deutsche Telekom AG) C:\Program Files\Telekom\Sync-Plus\Sync-PlusTool.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe (Farbar) C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FGXODH1P\FRST (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [151552 2006-09-29] (Intel Corporation) HKLM\...\Run: [ATICCC] - C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [90112 2006-07-11] () HKLM\...\Run: [RoxWatchTray] - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [221184 2006-11-05] (Sonic Solutions) HKLM\...\Run: [FaxCenterServer] - C:\Program Files\Dell PC Fax\fm3032.exe [312200 2006-11-03] () HKLM\...\Run: [FixCamera] - C:\Windows\FixCamera.exe [20480 2007-07-11] () HKLM\...\Run: [snpstd3] - C:\Windows\vsnpstd3.exe [835584 2007-05-10] () HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-07-27] (CANON INC.) HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-05-06] (SigmaTel, Inc.) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) 
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKU\S-1-5-21-1690639883-1602079938-3287190603-1000\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-1690639883-1602079938-3287190603-1000\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.) HKU\S-1-5-21-1690639883-1602079938-3287190603-1000\...\Run: [DellSystemDetect] - C:\Users\Admin\AppData\Local\Apps\2.0\GH3DTNQ5.DB9\7RW983T5.A4G\dell..tion_0f612f649c4a10af_0005.0006_f9e15713f5aac8ac\DellSystemDetect.exe [258160 2014-04-06] (Dell) HKU\S-1-5-21-1690639883-1602079938-3287190603-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-1690639883-1602079938-3287190603-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sync-Plus.lnk ShortcutTarget: Sync-Plus.lnk -> C:\Program Files\Telekom\Sync-Plus\Start.exe (Deutsche Telekom AG) ==================== Internet (Whitelisted) ==================== ProxyServer: localhost:21320 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {565515EB-44B6-7C1D-1738-38655AB28CA5} URL = hxxp://search.myheritage.com?orig=ds&q={searchTerms} SearchScopes: HKCU - {565515EB-44B6-7C1D-1738-38655AB28CA5} URL = SearchScopes: HKCU - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: No Name - {78875F5C-A685-4405-8DC5-D48DC65452B0} - No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH) BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.) BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH) Toolbar: HKCU - No Name - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - No File Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) 
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.euro.dell.com/systemprofiler/SysProExe.CAB DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44d23gv6.default FF NetworkProxy: "no_proxies_on", "*.local" FF NetworkProxy: "type", 0 FF Homepage: user_pref("browser.startup.homepage", ); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44d23gv6.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-06-24] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-20] FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] Chrome: ======= CHR HomePage: hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=4AE60019D1636D6C&affID=128492&tt=300314_16&tsp=5204 CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File CHR Plugin: (RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll No File CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll No File CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-26] CHR Extension: (Google-Suche) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-26] CHR Extension: (RealDownloader) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-01-06] CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-19] CHR Extension: (Google Mail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-26] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16] ========================== Services (Whitelisted) ================= R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) S2 gupdate1c9b35cc6bdf230; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-04-02] (Google Inc.) R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] () R2 MSSQL$SERVEREXP2008; c:\Program Files\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe [43028328 2011-09-22] (Microsoft Corporation) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) U2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] () R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] () S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) S4 SQLAgent$SERVEREXP2008; c:\Program Files\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\SQLAGENT.EXE [370024 2011-09-22] (Microsoft Corporation) R2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-05-06] (SigmaTel, Inc.) 
S2 StarMoney 7.0 OnlineUpdate; C:\Program Files\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH) S2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH) ==================== Drivers (Whitelisted) ==================== R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) S3 APL531; C:\Windows\System32\Drivers\ov550i.sys [580992 2012-01-05] (Omnivision Technologies, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG) S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-05-11] () S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [24216 2010-03-10] (Initio Corporation) S3 KMWDFilter; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [23944 2007-04-29] (Windows (R) Codename Longhorn DDK provider) R3 mf; C:\Windows\System32\DRIVERS\mf.sys [109056 2008-01-18] (Microsoft Corporation) R3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [81408 2006-12-19] (Windows (R) Codename Longhorn DDK provider) S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation) S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10498688 2009-06-22] (Sonix Co. Ltd.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-05-06] (SigmaTel, Inc.) 
R3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) R1 tStLibG; C:\Windows\System32\drivers\tStLibG.sys [55224 2014-03-26] (StdLib) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X] S2 DETEWECP; \SystemRoot\System32\drivers\detewecp.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 ulisa; System32\Drivers\ulisa.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-10 07:26 - 2014-03-08 01:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-10 07:26 - 2014-03-08 01:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-10 07:26 - 2014-03-08 01:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-10 07:26 - 2014-03-08 01:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-10 07:26 - 2014-03-08 01:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-10 07:26 - 2014-03-08 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-10 07:26 - 2014-03-08 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-04-10 07:26 - 2014-03-08 00:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-10 07:26 - 2014-03-08 00:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-10 07:26 - 2014-03-08 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-10 07:26 - 2014-03-08 00:56 - 00421376 _____ (Microsoft Corporation) 
C:\Windows\system32\vbscript.dll 2014-04-10 07:26 - 2014-03-08 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-10 07:26 - 2014-03-08 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-10 07:26 - 2014-03-08 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-10 07:26 - 2014-03-08 00:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-04-10 07:26 - 2014-03-08 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-10 06:46 - 2014-02-06 03:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 18:54 - 2014-04-09 18:54 - 00046000 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-04-09 18:43 - 2014-04-09 18:43 - 00006321 _____ () C:\Users\Admin\Desktop\JRT.txt 2014-04-09 18:39 - 2014-04-09 18:39 - 00000000 ____D () C:\Windows\ERUNT 2014-04-09 18:38 - 2014-04-09 18:38 - 01016261 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe 2014-04-09 18:31 - 2014-04-09 18:31 - 00001357 _____ () C:\Users\Admin\Desktop\AdwCleaner[S2].txt 2014-04-08 21:59 - 2014-04-08 21:59 - 00000546 _____ () C:\Windows\PFRO.log 2014-04-08 21:50 - 2014-04-08 21:50 - 00014136 _____ () C:\Users\Admin\Desktop\combofix.txt 2014-04-08 21:40 - 2014-04-08 21:40 - 00014136 _____ () C:\ComboFix.txt 2014-04-08 21:23 - 2014-04-08 21:40 - 00000000 ____D () C:\ComboFix 2014-04-08 21:23 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-08 21:23 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-08 21:23 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-08 21:23 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-08 21:23 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-08 21:23 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-08 21:23 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 
2014-04-08 21:23 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-08 21:09 - 2014-04-08 21:40 - 00000000 ____D () C:\Qoobox 2014-04-08 21:08 - 2014-04-08 21:38 - 00000000 ____D () C:\Windows\erdnt 2014-04-07 18:54 - 2014-04-10 20:13 - 00000000 ____D () C:\FRST 2014-04-07 08:44 - 2014-04-07 08:44 - 00000988 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2014-04-07 08:44 - 2014-04-07 08:44 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing 2014-04-07 08:44 - 2014-04-07 08:44 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-04-07 08:44 - 2014-04-07 08:44 - 00000000 ____D () C:\Program Files\WinZip Malware Protector 2014-04-07 08:44 - 2013-03-15 17:01 - 00016384 _____ () C:\Windows\system32\wsusnative32.exe 2014-04-06 20:12 - 2014-04-06 20:13 - 00000000 __HDC () C:\ProgramData\{BA58D0EE-89D1-4191-9F19-B6AD920B04F7} 2014-04-06 20:12 - 2014-04-06 20:12 - 00000916 _____ () C:\Users\Public\Desktop\Netzmanager.lnk 2014-04-04 21:23 - 2014-04-10 07:38 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job 2014-04-04 21:23 - 2014-04-06 20:02 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2014-04-04 21:23 - 2014-04-06 20:02 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job 2014-04-04 21:22 - 2014-04-08 21:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-04-04 21:22 - 2014-04-04 21:22 - 00001960 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-04-04 21:22 - 2014-04-04 21:22 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-04-04 21:22 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe 2014-04-01 21:03 - 2014-04-10 07:41 - 00000000 ___RD () C:\Users\Admin\Dropbox 2014-04-01 21:03 - 2014-04-01 21:03 - 00000988 _____ () C:\Users\Admin\Desktop\Dropbox.lnk 2014-04-01 21:02 - 2014-04-01 21:03 - 00000000 ____D () 
C:\Users\Admin\AppData\Roaming\DropboxMaster 2014-04-01 21:02 - 2014-04-01 21:02 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-04-01 21:02 - 2014-04-01 21:02 - 00000000 ____D () C:\Program Files\Dropbox 2014-04-01 21:01 - 2014-04-10 07:41 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Dropbox 2014-04-01 20:49 - 2014-04-01 20:49 - 00527256 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-01 19:57 - 2014-04-05 09:24 - 00000110 ___RH () C:\Users\Admin\Desktop\Stinger.opt 2014-04-01 18:50 - 2014-04-05 10:43 - 00000000 ____D () C:\Program Files\stinger 2014-04-01 18:49 - 2014-04-01 18:50 - 10640232 _____ (McAfee Inc) C:\Users\Admin\Desktop\stinger32.exe 2014-04-01 15:42 - 2014-04-01 15:42 - 00002961 _____ () C:\Users\Admin\Desktop\Mindjet MindManager Basic 6.lnk 2014-04-01 07:44 - 2014-04-01 07:44 - 00163648 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-31 21:12 - 2014-04-09 18:27 - 00000000 ____D () C:\AdwCleaner 2014-03-31 20:48 - 2014-03-31 20:48 - 00001059 _____ () C:\Users\Admin\Desktop\Revo Uninstaller.lnk 2014-03-31 20:48 - 2014-03-31 20:48 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-03-31 20:10 - 2014-03-31 20:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ChicaLogic 2014-03-31 20:10 - 2014-03-31 20:10 - 00000000 ____D () C:\ProgramData\ChicaLogic 2014-03-31 18:58 - 2014-03-31 19:28 - 00000000 ____D () C:\ProgramData\clp 2014-03-31 18:57 - 2014-03-31 20:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\LogMeIn Rescue Applet 2014-03-31 18:56 - 2014-03-31 18:56 - 00000000 ____D () C:\Program Files\Common Files\Common Toolkit Suite 2014-03-31 18:54 - 2014-03-31 18:54 - 00000000 ____D () C:\ProgramData\Common Toolkit Suite 2014-03-26 08:05 - 2014-03-26 08:05 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\tStLibG.sys 2014-03-23 18:11 - 2014-03-23 18:11 - 00000000 ____D () C:\Users\Admin\AppData\Local\Downloaded Installations 2014-03-23 17:34 - 2014-03-23 17:35 
- 00000000 ____D () C:\Users\Admin\AppData\Roaming\WiseUpdate 2014-03-16 13:21 - 2014-03-16 13:21 - 00003120 _____ () C:\Windows\system32\ALLFSAF14a.ocx 2014-03-16 13:20 - 2014-03-16 13:20 - 00002063 _____ () C:\Users\Public\Desktop\Style Builder 2014.lnk 2014-03-16 13:20 - 2014-03-16 13:20 - 00001977 _____ () C:\Users\Public\Desktop\LayOut 2014.lnk 2014-03-16 13:20 - 2014-03-16 13:20 - 00001896 _____ () C:\Users\Public\Desktop\SketchUp 2014.lnk 2014-03-12 07:38 - 2014-02-07 12:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-12 07:38 - 2014-02-03 12:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-12 07:38 - 2014-01-30 09:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-12 07:38 - 2013-11-13 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll ==================== One Month Modified Files and Folders ======= 2014-04-10 20:13 - 2014-04-07 18:54 - 00000000 ____D () C:\FRST 2014-04-10 20:11 - 2012-12-02 20:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\3B218449-4347-465D-89AA-CA0941C55E5A.aplzod 2014-04-10 18:14 - 2006-11-02 14:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-10 18:14 - 2006-11-02 14:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-10 18:13 - 2014-02-23 18:23 - 01746357 _____ () C:\Windows\WindowsUpdate.log 2014-04-10 07:43 - 2006-11-02 12:33 - 01790286 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-10 07:41 - 2014-04-01 21:03 - 00000000 ___RD () C:\Users\Admin\Dropbox 2014-04-10 07:41 - 2014-04-01 21:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Dropbox 2014-04-10 07:38 - 2014-04-04 21:23 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job 2014-04-10 07:38 - 2013-10-09 23:34 - 00001094 _____ () 
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec5375ce863d0.job 2014-04-10 07:36 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-10 07:33 - 2007-12-18 22:28 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-04-10 07:33 - 2006-11-02 15:01 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-10 07:27 - 2007-05-24 21:41 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-10 07:24 - 2013-07-21 16:09 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-10 07:20 - 2006-11-02 12:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-04-09 18:54 - 2014-04-09 18:54 - 00046000 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-04-09 18:43 - 2014-04-09 18:43 - 00006321 _____ () C:\Users\Admin\Desktop\JRT.txt 2014-04-09 18:39 - 2014-04-09 18:39 - 00000000 ____D () C:\Windows\ERUNT 2014-04-09 18:38 - 2014-04-09 18:38 - 01016261 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe 2014-04-09 18:31 - 2014-04-09 18:31 - 00001357 _____ () C:\Users\Admin\Desktop\AdwCleaner[S2].txt 2014-04-09 18:27 - 2014-03-31 21:12 - 00000000 ____D () C:\AdwCleaner 2014-04-08 21:59 - 2014-04-08 21:59 - 00000546 _____ () C:\Windows\PFRO.log 2014-04-08 21:50 - 2014-04-08 21:50 - 00014136 _____ () C:\Users\Admin\Desktop\combofix.txt 2014-04-08 21:40 - 2014-04-08 21:40 - 00014136 _____ () C:\ComboFix.txt 2014-04-08 21:40 - 2014-04-08 21:23 - 00000000 ____D () C:\ComboFix 2014-04-08 21:40 - 2014-04-08 21:09 - 00000000 ____D () C:\Qoobox 2014-04-08 21:40 - 2008-03-31 18:14 - 00000000 ____D () C:\Users\Admin\AppData\Local\Apps\2.0 2014-04-08 21:40 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default 2014-04-08 21:40 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public 2014-04-08 21:38 - 2014-04-08 21:08 - 00000000 ____D () C:\Windows\erdnt 2014-04-08 21:38 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini 2014-04-08 21:17 - 2014-04-04 21:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-04-08 06:32 - 2013-04-05 21:17 - 
00000000 ____D () C:\Program Files\StarMoney 9.0 S-Edition 2014-04-07 08:44 - 2014-04-07 08:44 - 00000988 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2014-04-07 08:44 - 2014-04-07 08:44 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing 2014-04-07 08:44 - 2014-04-07 08:44 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-04-07 08:44 - 2014-04-07 08:44 - 00000000 ____D () C:\Program Files\WinZip Malware Protector 2014-04-06 20:21 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Help 2014-04-06 20:13 - 2014-04-06 20:12 - 00000000 __HDC () C:\ProgramData\{BA58D0EE-89D1-4191-9F19-B6AD920B04F7} 2014-04-06 20:12 - 2014-04-06 20:12 - 00000916 _____ () C:\Users\Public\Desktop\Netzmanager.lnk 2014-04-06 20:12 - 2013-11-05 20:17 - 00000000 ____D () C:\ProgramData\Netzmanager 2014-04-06 20:12 - 2013-11-05 20:17 - 00000000 ____D () C:\Program Files\Netzmanager 2014-04-06 20:12 - 2013-11-05 20:16 - 00000000 __HDC () C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D} 2014-04-06 20:11 - 2011-09-08 19:08 - 00000000 ____D () C:\Users\Admin\AppData\Local\Deployment 2014-04-06 20:02 - 2014-04-04 21:23 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2014-04-06 20:02 - 2014-04-04 21:23 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job 2014-04-05 10:43 - 2014-04-01 18:50 - 00000000 ____D () C:\Program Files\stinger 2014-04-05 09:24 - 2014-04-01 19:57 - 00000110 ___RH () C:\Users\Admin\Desktop\Stinger.opt 2014-04-04 21:22 - 2014-04-04 21:22 - 00001960 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-04-04 21:22 - 2014-04-04 21:22 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-04-03 21:20 - 2012-05-08 23:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-03 20:53 - 2009-06-30 18:40 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-03 17:18 - 2009-07-10 20:04 - 00001052 
_____ () C:\Windows\Tasks\Google Software Updater.job 2014-04-01 21:03 - 2014-04-01 21:03 - 00000988 _____ () C:\Users\Admin\Desktop\Dropbox.lnk 2014-04-01 21:03 - 2014-04-01 21:02 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DropboxMaster 2014-04-01 21:03 - 2007-05-22 09:15 - 00000000 ____D () C:\Users\Admin 2014-04-01 21:02 - 2014-04-01 21:02 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-04-01 21:02 - 2014-04-01 21:02 - 00000000 ____D () C:\Program Files\Dropbox 2014-04-01 20:52 - 2010-12-03 19:38 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-04-01 20:49 - 2014-04-01 20:49 - 00527256 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-01 18:50 - 2014-04-01 18:49 - 10640232 _____ (McAfee Inc) C:\Users\Admin\Desktop\stinger32.exe 2014-04-01 15:42 - 2014-04-01 15:42 - 00002961 _____ () C:\Users\Admin\Desktop\Mindjet MindManager Basic 6.lnk 2014-04-01 07:44 - 2014-04-01 07:44 - 00163648 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-01 07:42 - 2013-06-30 19:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Wise Disk Cleaner 2014-03-31 21:39 - 2013-06-23 11:15 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Wise Registry Cleaner 2014-03-31 20:48 - 2014-03-31 20:48 - 00001059 _____ () C:\Users\Admin\Desktop\Revo Uninstaller.lnk 2014-03-31 20:48 - 2014-03-31 20:48 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-03-31 20:47 - 2014-03-31 18:57 - 00000000 ____D () C:\Users\Admin\AppData\Local\LogMeIn Rescue Applet 2014-03-31 20:32 - 2014-03-04 19:49 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-03-31 20:10 - 2014-03-31 20:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ChicaLogic 2014-03-31 20:10 - 2014-03-31 20:10 - 00000000 ____D () C:\ProgramData\ChicaLogic 2014-03-31 20:00 - 2009-08-21 18:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype 2014-03-31 19:28 - 2014-03-31 18:58 - 00000000 ____D () C:\ProgramData\clp 2014-03-31 18:56 - 2014-03-31 18:56 - 
00000000 ____D () C:\Program Files\Common Files\Common Toolkit Suite 2014-03-31 18:54 - 2014-03-31 18:54 - 00000000 ____D () C:\ProgramData\Common Toolkit Suite 2014-03-30 19:50 - 2006-11-02 12:23 - 00000379 _____ () C:\Windows\win.ini 2014-03-30 19:35 - 2010-12-05 09:27 - 00000000 ____D () C:\ProgramData\CanonIJ 2014-03-26 08:05 - 2014-03-26 08:05 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\tStLibG.sys 2014-03-23 18:12 - 2013-11-17 13:39 - 00002044 _____ () C:\Users\Admin\Desktop\SEPA Account Converter.lnk 2014-03-23 18:12 - 2013-11-17 13:39 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Finanz 2014-03-23 18:12 - 2013-11-17 13:39 - 00000000 ____D () C:\Program Files\SEPA Account Converter 2014-03-23 18:11 - 2014-03-23 18:11 - 00000000 ____D () C:\Users\Admin\AppData\Local\Downloaded Installations 2014-03-23 17:35 - 2014-03-23 17:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\WiseUpdate 2014-03-16 20:44 - 2013-05-31 17:45 - 00000000 ____D () C:\ProgramData\SketchUp 2014-03-16 20:44 - 2013-05-31 17:45 - 00000000 ____D () C:\Program Files\SketchUp 2014-03-16 13:21 - 2014-03-16 13:21 - 00003120 _____ () C:\Windows\system32\ALLFSAF14a.ocx 2014-03-16 13:20 - 2014-03-16 13:20 - 00002063 _____ () C:\Users\Public\Desktop\Style Builder 2014.lnk 2014-03-16 13:20 - 2014-03-16 13:20 - 00001977 _____ () C:\Users\Public\Desktop\LayOut 2014.lnk 2014-03-16 13:20 - 2014-03-16 13:20 - 00001896 _____ () C:\Users\Public\Desktop\SketchUp 2014.lnk 2014-03-15 23:11 - 2009-04-02 08:32 - 00001965 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-12 21:21 - 2012-05-08 23:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-03-12 21:21 - 2011-06-15 19:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-03-12 20:06 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache 2014-03-12 19:38 - 2008-03-29 17:13 - 00000000 ____D () C:\Program 
Files\Microsoft Silverlight
2014-03-12 07:54 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE

Files to move or delete:
====================
C:\Users\Admin\AppData\Roaming\desktop.ini
C:\Users\Admin\CitrixOnlinePluginWeb.exe
C:\Users\Admin\IKEA_Home_Planner_FY10.exe

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\avgnt.exe
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxi7lxj.dll
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-10 19:43

==================== End Of Log ============================

and the Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by Admin at 2014-04-10 20:13:51
Running from C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FGXODH1P
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
ABBYY PDF Transformer 2.0 (HKLM\...\{FA200000-0001-0000-0000-074957833700}) (Version: 2.0.1147.4912 - ABBYY Software Ltd.)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoImpression 6 (HKLM\...\{063E409E-3D7C-4A4A-95AB-2F124B9224B3}) (Version: 6.1.8.135 - ArcSoft) Assistant zum Anpassen des Dell-Systems (HKLM\...\{FD023F61-65E9-465C-B558-7C64EB2B97E6}) (Version: 1.00.0000 - Dell Inc.) ATI Catalyst Control Center Ex (HKLM\...\{F08F36A8-7EEA-DB4D-00D1-2CA68C2DD445}) (Version: 2.0.2488.36465 - Ihr Firmenname) ATI Catalyst Install Manager (HKLM\...\{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}) (Version: 3.0.641.0 - ATI Technologies, Inc.) Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Benutzerhandbuch (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - ) Bing Bar (HKLM\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - ) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - ) Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version: - ) Canon MP550 series Benutzerregistrierung (HKLM\...\Canon MP550 series Benutzerregistrierung) (Version: - ) Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version: - ) Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - ) Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version: - ) Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform) Citrix Online Plug-in (DV) (Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden Citrix Online Plug-in (HDX) (Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden Citrix Online Plug-in (USB) (Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden Citrix Online Plug-in (Web) (Version: 12.1.0.30 - Citrix Systems, Inc.) 
Hidden Corel Graphics Suite 11 (HKLM\...\InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}) (Version: 11 - Corel Corporation) Corel Graphics Suite 11 (Version: 11 - Corel Corporation) Hidden D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.6.0.4 - Dell) Dell System Detect Bootstrapper (HKCU\...\8e3135b376bd523e) (Version: 1.1.0.15 - Dell) Dropbox (HKCU\...\Dropbox) (Version: 2.6.27 - Dropbox, Inc.) Fax-Lösungen (HKLM\...\Dell Fax Solutions) (Version: - Dell, Inc.) Free Video Flip and Rotate version 1.6 (HKLM\...\Free Video Flip and Rotate_is1) (Version: - DVDVideoSoft Limited.) Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google SketchUp 8 (HKLM\...\{4BA6784F-3B10-473A-B9F5-33A36AC354D5}) (Version: 3.0.14358 - Google, Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - ) Google Toolbar for Internet Explorer (Version: 4.0.0.002 - Google Inc.) Hidden Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.) iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.) IncrediMail (HKLM\...\IncrediMail) (Version: 5.8.5.3849 - IncrediMail Ltd.) Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - ) Intel(R) PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - ) Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - ) iPhone-Konfigurationsprogramm (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.) iPod for Windows 2006-06-28 (HKLM\...\InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}) (Version: 4.7.0 - Apple Computer, Inc.) iPod for Windows 2006-06-28 (Version: 4.7.0 - Apple Computer, Inc.) 
Hidden iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden kicker Manager (HKLM\...\{FA71F299-A761-422E-80AE-3748F3ED1BCF}) (Version: - ) Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - ) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) 
(HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - 
Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Outlook Configuration Analyzer Tool 2.0 (HKLM\...\{2488B526-0B60-4DE1-A736-C3B5D64ACDEB}) (Version: 2.0.3 - Microsoft) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 (Version: - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Browser (HKLM\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Native Client (HKLM\...\{539A0EAA-E1BB-4163-9C1E-6C8BF4A17FA2}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0 - Microsoft Corporation) Hidden Microsoft SQL Server VSS Writer (HKLM\...\{D074DC76-F6C9-440E-A1D0-1DE958417FDB}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft Sync Framework Runtime v1.0 (x86) (HKLM\...\{A8BD5A60-E843-46DC-8271-ABF20756BE0F}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services v1.0 (x86) (HKLM\...\{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 
8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 SP1 CRT Redistributable (HKLM\...\{CC038D57-788A-4544-BF8F-179E5CF50D2F}) (Version: 1.00.0000 - Buhl Data Service GmbH) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) 
Microsoft XML Parser und SDK (HKLM\...\{35343FF7-939B-401A-87B3-FF90A5123D88}) (Version: 4.10.9404.0 - Microsoft Corporation) Mindjet MindManager Basic 6 (HKLM\...\{716EE3B2-3256-453C-91FC-AEDD1CE6B77F}) (Version: 6.2.399 - Mindjet LLC) MosChip Multi-IO Controller (HKLM\...\MosChip Technology) (Version: - ) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.) Netzmanager (HKLM\...\Netzmanager) (Version: 1.081 - Deutsche Telekom AG) Netzmanager (Version: 1.081 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version: - ) OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden OLYMPUS CAMEDIA Master 4.1 (HKLM\...\{30BB4D60-81DB-11D5-BB77-00400536ABAC}) (Version: - ) OLYMPUS Master 2 (HKLM\...\{9FA93155-472F-4778-87A8-95244FD1535D}) (Version: 1.0.11 - OLYMPUS IMAGING CORP.) 
OVT Scanner X86 (HKLM\...\{6B566EFE-DC1D-471F-93DD-84832663F140}) (Version: 1.00.0000 - OVT) PC Camera-168 (HKLM\...\{ECD03DA7-5952-406A-8156-5F0C93618D1F}) (Version: 5.18.1209.106 - Sonix) PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: - ) PrintFit Visitenkarten-Druckerei (HKLM\...\Visitenkarten-Druckerei_is1) (Version: - ) QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) QuickVerein 2013 V10 (HKLM\...\{70FB667D-C26A-4CEC-8668-D24B92036300}) (Version: 10.0 - Lexware) RealDownloader (Version: 1.3.2 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks) RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio) Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio) Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio) Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio) Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio) Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio) Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio) Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio) Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.) 
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio) Segeln 2007 (HKLM\...\Segeln 2007_is1) (Version: - Contendo Media Ltd.) Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden SEPA Account Converter (HKLM\...\{BE109F11-6E2C-43F4-B105-AC646809915D}) (Version: 1.25.2 - Star Finanz GmbH) Service Pack 3 für SQL Server 2008 (KB2546951) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation) SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel) SketchUp 2014 (HKLM\...\{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}) (Version: 14.0.4900 - Trimble Navigation Limited) Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.) Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.) 
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden StarMoney (Version: 2.0 - StarFinanz) Hidden StarMoney (Version: 4.0.0.203 - StarFinanz) Hidden StarMoney (Version: 5.0 - StarFinanz) Hidden StarMoney 7.0 S-Edition (HKLM\...\{3980E70D-0F4E-4496-A0B4-8A78F0BDEF1B}) (Version: 7.0 - StarFinanz GmbH) StarMoney 9.0 S-Edition (HKLM\...\{B7A27DA3-BAFD-4B81-BFF6-64ADE37A82C3}) (Version: 9.0 - Star Finanz GmbH) Sweet Home 3D version 4.1 (HKLM\...\Sweet Home 3D_is1) (Version: - eTeks) Sync-Plus (HKLM\...\Sync-Plus) (Version: 1.0.0.4 - Deutsche Telekom AG) SyncToy 2.0 (x86) (HKLM\...\{AFDFC350-C142-4790-BE12-8357AECD028F}) (Version: 2.0.100.0 - Microsoft) Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - ) Unterstützungsdateien für Microsoft SQL Server 2008-Setup (HKLM\...\{2A231800-A7CF-4223-B8A3-1FD9057BAE96}) (Version: 10.3.5500.0 - Microsoft Corporation) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - 
Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - ) VBA (2701.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden Windows 7 Upgrade Advisor Beta (HKLM\...\{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}) (Version: 2.0.1125.0 - Microsoft Corporation) Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 
7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation) Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation) Windows-Treiberpaket - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0) (HKLM\...\E24870CB6AA1C3511635FF9020A3E9471287FBE7) (Version: 01/26/2008 2.6.0.0 - MobileTop) WinZip Malware Protector (HKLM\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC) Wise Disk Cleaner 8.03 (HKLM\...\Wise Disk Cleaner_is1) (Version: 8.03 - WiseCleaner.com, Inc.) 
Wise Registry Cleaner 7.94 (HKLM\...\Wise Registry Cleaner_is1) (Version: 7.94 - WiseCleaner.com, Inc.) WISO Mein Geld 2012 Professional (HKLM\...\WISO Mein Geld 2012 Professional) (Version: - Buhl Data Service GmbH) WISO Mein Geld 2012 Professional (Version: 14.0.1.18 - Buhl Data Service GmbH) Hidden WISO Steuer-Sparbuch 2011 (HKLM\...\{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}) (Version: 18.00.6928 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2012 (HKLM\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.00.7303 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2014 (HKLM\...\{58207B7A-46E8-4DFA-B3DE-7EA4A1F1A692}) (Version: 21.00.8480 - Buhl Data Service GmbH) ==================== Restore Points ========================= 27-03-2014 15:57:42 Geplanter Prüfpunkt 28-03-2014 06:20:30 Geplanter Prüfpunkt 29-03-2014 09:13:10 Geplanter Prüfpunkt 30-03-2014 07:48:21 Windows Update 31-03-2014 16:55:03 Installed Fighters. 
31-03-2014 18:00:15 Windows-Sicherung 31-03-2014 18:57:53 Revo Uninstaller's restore point - Jotzey 01-04-2014 18:40:16 Revo Uninstaller's restore point - buenosearch toolbar 02-04-2014 15:19:55 Geplanter Prüfpunkt 03-04-2014 16:14:05 Geplanter Prüfpunkt 04-04-2014 13:00:59 Geplanter Prüfpunkt 04-04-2014 19:27:40 Windows Update 05-04-2014 08:20:38 Geplanter Prüfpunkt 06-04-2014 15:56:28 Geplanter Prüfpunkt 06-04-2014 18:16:34 Revo Uninstaller's restore point - DDBAC 06-04-2014 18:17:14 DDBAC wird entfernt 08-04-2014 12:34:17 Windows Update 08-04-2014 17:29:40 Windows-Sicherung 10-04-2014 05:15:37 Windows Update ==================== Hosts content: ========================== 2006-11-02 12:23 - 2014-04-08 21:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0482066B-E54D-4CBD-AEE2-6A59F6BB3CAF} - System32\Tasks\{8566B205-96AB-4F05-8AF0-086CF6B765E9} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.) Task: {07DB0FE8-91B5-462A-92FA-2D6C2C4CF4B0} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Admin => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) Task: {124C2ABD-4491-4C0F-910A-FFF4E2E10F50} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {151F5F5C-6942-4884-ADA5-5BA22FF5C124} - System32\Tasks\{66D3BFE2-9DDE-4102-A410-C639D65306F8} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.) 
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {1F7CFA07-C790-4BD0-A58B-82E510A72A29} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: {21133EF4-87E0-4B54-9019-996FD3817108} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1690639883-1602079938-3287190603-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.) Task: {2683F8B4-21E8-4CB9-A09C-0FA009ADE909} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.) Task: {32BF206A-558D-4446-BAF8-89E72E64110F} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {3515DE1B-33DC-4580-B4C4-5F275A81504F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-02] (Google Inc.) Task: {35C5B832-A116-4A02-A801-F99877DBC4F9} - System32\Tasks\Microsoft\Windows\RestartManager\{DC0CBD35-4755-453c-B4E5-B2891243C6F8} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation) Task: {36DAC59F-AC6F-4504-8AD0-9C6DEE521026} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1690639883-1602079938-3287190603-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.) 
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {431F60EA-5D7A-4B29-8DAD-C1F1E195660F} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation) Task: {4891337E-0024-42F3-966C-531C1BF91316} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.) Task: {4D091618-9150-4BD5-99FA-F504E8AE53C0} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {5799EE4E-29B7-4EE7-A243-53E3E7E32C53} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe Task: {76934A16-976F-498B-8E30-3F1E36E9E625} - System32\Tasks\GoogleUpdateTaskMachineCore1cec5375ce863d0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-02] (Google Inc.) Task: {920E4647-01F3-4EE5-9D63-CB4492D53B38} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-02] (Google Inc.) Task: {9285DEDC-EE50-4037-971E-5079CF6244F4} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {9F0E877B-F62F-4711-985D-2BE8EB50F587} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1690639883-1602079938-3287190603-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.) Task: {AE9C730F-872D-4112-B8A5-E22AC40654AD} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.) 
Task: {B84069D5-9CBE-4012-919D-61482842EC64} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation) Task: {BD92F8EF-5154-4AA2-88A0-F1A97205323E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {C8F9D847-60FC-492B-A435-AA4FF05249B2} - System32\Tasks\Microsoft\Windows\RestartManager\{0326B6CE-8078-4e19-B70D-597A68259D8B} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation) Task: {D16D7F7E-2166-44BF-B44B-A95FA91C75FB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated) Task: {D5B2BB23-86FD-439D-B98F-F8B1D1F69AC3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd) Task: {E1D16F3D-EE4D-4A33-AED8-B10292A044CB} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1690639883-1602079938-3287190603-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.) 
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] () Task: {FC48E866-3468-4E1D-894A-9B8D285CEAB0} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15] (Nico Mak Computing) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec5375ce863d0.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe ==================== Loaded Modules (whitelisted) ============= 2007-05-28 00:32 - 2006-10-06 07:06 - 00045056 _____ () C:\Windows\System32\DLPRMON.DLL 2007-05-28 00:32 - 2006-10-06 07:24 - 00016384 _____ () C:\Program Files\Dell PC Fax\DlCtrStr.dll 2007-05-28 00:32 - 2006-10-06 07:04 - 00032768 _____ () C:\Program Files\Dell PC Fax\ipcmt.dll 2012-11-03 11:42 - 2012-09-19 20:17 - 00397088 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2010-12-03 19:38 - 2009-02-10 17:01 - 
00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE 2010-10-19 09:31 - 2010-10-19 09:31 - 00159744 _____ () C:\Program Files\Netzmanager\NMInfraIS2\driver\SoftplugLib.dll 2006-11-02 20:40 - 2006-11-02 20:40 - 00174656 _____ () C:\Windows\system32\PSIService.exe 2013-04-16 03:07 - 2013-04-16 03:07 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe 2007-12-02 15:43 - 2006-10-26 17:21 - 00056056 _____ () C:\Windows\system32\DLAAPI_W.DLL 2009-09-30 18:21 - 2007-07-11 16:09 - 00020480 _____ () C:\Windows\FixCamera.exe 2009-09-30 18:21 - 2007-05-10 13:18 - 00835584 _____ () C:\Windows\vsnpstd3.exe 2014-04-04 21:22 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-04-04 21:22 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll 2013-12-01 14:59 - 2013-12-19 15:44 - 01427760 _____ () C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe 2013-12-01 14:52 - 2013-12-19 15:45 - 09618736 _____ () C:\Program Files\WISO\Steuersoftware 2014\wgui14.dll 2013-12-01 14:52 - 2013-12-19 15:44 - 00035120 _____ () C:\Program Files\WISO\Steuersoftware 2014\rsdcom48.dll 2013-12-01 14:52 - 2013-12-19 15:44 - 00309040 _____ () C:\Program Files\WISO\Steuersoftware 2014\rscorewinapi48.dll 2013-12-01 14:52 - 2013-12-19 15:44 - 00321840 _____ () C:\Program Files\WISO\Steuersoftware 2014\rsguiwinapi48.dll 2013-12-01 14:52 - 2013-12-19 15:45 - 03698992 _____ () C:\Program Files\WISO\Steuersoftware 2014\wcore14.dll 2013-12-01 14:52 - 2013-12-19 15:44 - 00136496 _____ () C:\Program Files\WISO\Steuersoftware 2014\rsodbc48.dll 2013-12-01 14:52 - 2013-12-19 15:44 - 02573104 _____ () C:\Program Files\WISO\Steuersoftware 
2014\wfvie14.dll 2013-12-01 14:52 - 2013-12-19 15:44 - 01886000 _____ () C:\Program Files\WISO\Steuersoftware 2014\wsteu14.dll 2013-12-01 14:52 - 2013-12-19 15:44 - 01905456 _____ () C:\Program Files\WISO\Steuersoftware 2014\wreli14.dll 2013-12-01 14:52 - 2013-12-19 15:44 - 04274992 _____ () C:\Program Files\WISO\Steuersoftware 2014\wauff14.dll 2013-12-01 14:52 - 2013-10-30 18:37 - 01043456 ____N () C:\Program Files\WISO\Steuersoftware 2014\clucene-core.dll 2013-12-01 14:52 - 2013-10-30 18:37 - 00094720 ____N () C:\Program Files\WISO\Steuersoftware 2014\clucene-shared.dll 2013-12-01 14:52 - 2013-10-30 18:37 - 00250368 ____N () C:\Program Files\WISO\Steuersoftware 2014\clucene-contribs-lib.dll 2013-12-01 14:52 - 2013-12-19 15:44 - 01468208 _____ () C:\Program Files\WISO\Steuersoftware 2014\wmain14.dll 2013-12-01 14:52 - 2013-12-19 15:45 - 05055792 _____ () C:\Program Files\WISO\Steuersoftware 2014\wbae114.dll 2013-12-01 14:52 - 2013-12-19 15:44 - 01678640 _____ () C:\Program Files\WISO\Steuersoftware 2014\wbae214.dll 2013-12-01 14:52 - 2013-12-19 15:44 - 01804080 _____ () C:\Program Files\WISO\Steuersoftware 2014\wbae314.dll 2013-12-01 14:52 - 2013-12-19 15:44 - 01626416 _____ () C:\Program Files\WISO\Steuersoftware 2014\wbae414.dll 2013-12-01 14:52 - 2013-12-19 15:44 - 01126704 _____ () C:\Program Files\WISO\Steuersoftware 2014\whau114.dll 2013-12-01 14:52 - 2013-12-19 15:45 - 01313072 _____ () C:\Program Files\WISO\Steuersoftware 2014\whau214.dll 2013-12-01 14:52 - 2013-12-19 15:44 - 01281840 _____ () C:\Program Files\WISO\Steuersoftware 2014\wwerb14.dll 2013-12-01 14:52 - 2013-12-19 15:45 - 07274288 _____ () C:\Program Files\WISO\Steuersoftware 2014\wkont14.dll 2013-12-01 14:52 - 2013-12-19 15:44 - 01274672 _____ () C:\Program Files\WISO\Steuersoftware 2014\wimp14.dll 2013-12-01 14:52 - 2013-12-19 15:44 - 01330480 _____ () C:\Program Files\WISO\Steuersoftware 2014\wfabu14.dll 2014-04-10 07:40 - 2014-04-10 07:40 - 00041984 _____ () 
c:\users\admin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxi7lxj.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup MSCONFIG\startupreg: ECenter => c:\dell\E-Center\EULALauncher.exe MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: MMReminderService => C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe MSCONFIG\startupreg: OM2_Monitor => "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM MSCONFIG\startupreg: TkBellExe => "c:\program files\real\realplayer\Update\realsched.exe" -osboot MSCONFIG\startupreg: tsnpstd3 => C:\Windows\tsnpstd3.exe MSCONFIG\startupreg: Windows Mobile Device Center => C:\Windows\WindowsMobile\wmdc.exe ==================== Faulty Device Manager Devices ============= Name: isatap.{7B145558-9FC0-4CCF-B3EB-2A8214441AD8} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. 
(Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (04/10/2014 07:43:58 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3604 Error: (04/10/2014 07:43:58 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3604 Error: (04/10/2014 07:43:58 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/10/2014 07:43:57 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2340 Error: (04/10/2014 07:43:57 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2340 Error: (04/10/2014 07:43:57 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/10/2014 07:43:56 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1248 Error: (04/10/2014 07:43:56 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1248 Error: (04/10/2014 07:43:56 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/10/2014 07:33:22 AM) (Source: EventSystem) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} System errors: ============= Error: (04/10/2014 07:11:06 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "USER-2ABC274126", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7B145558-9FC0-4CCF-B3EB-2A-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. 
Error: (04/10/2014 04:15:19 PM) (Source: Service Control Manager) (User: ) Description: 30000W32Time Error: (04/10/2014 07:37:18 AM) (Source: Service Control Manager) (User: ) Description: 30000StarMoney 9.0 OnlineUpdate Error: (04/10/2014 07:37:18 AM) (Source: Service Control Manager) (User: ) Description: 30000StarMoney 7.0 OnlineUpdate Error: (04/10/2014 07:36:23 AM) (Source: Microsoft-Windows-TaskScheduler) (User: NT-AUTORITÄT) Description: 2147942402 Error: (04/09/2014 07:18:45 PM) (Source: Service Control Manager) (User: ) Description: Spybot-S&D 2 Scanner Service%%1053 Error: (04/09/2014 07:18:44 PM) (Source: Service Control Manager) (User: ) Description: 30000Spybot-S&D 2 Scanner Service Error: (04/09/2014 07:17:26 PM) (Source: Service Control Manager) (User: ) Description: 30000StarMoney 9.0 OnlineUpdate Error: (04/09/2014 07:17:26 PM) (Source: Service Control Manager) (User: ) Description: 30000StarMoney 7.0 OnlineUpdate Error: (04/09/2014 07:17:26 PM) (Source: Service Control Manager) (User: ) Description: Spybot-S&D 2 Scanner Service%%1053 Microsoft Office Sessions: ========================= Error: (01/25/2014 01:40:01 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. Error: (11/29/2013 02:08:21 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21006 seconds with 60 seconds of active time. This session ended with a crash. Error: (10/17/2013 11:54:44 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. 
This session lasted 3114 seconds with 1620 seconds of active time. This session ended with a crash. Error: (01/14/2012 09:34:17 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 36 seconds with 0 seconds of active time. This session ended with a crash. Error: (08/23/2011 07:24:15 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 29 seconds with 0 seconds of active time. This session ended with a crash. Error: (07/12/2011 06:54:04 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 812 seconds with 360 seconds of active time. This session ended with a crash. Error: (04/03/2011 01:00:15 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 465 seconds with 300 seconds of active time. This session ended with a crash. Error: (01/13/2011 10:03:12 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 9151 seconds with 660 seconds of active time. This session ended with a crash. Error: (09/05/2010 04:12:12 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 366 seconds with 240 seconds of active time. 
This session ended with a crash. Error: (12/04/2009 07:31:34 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8918 seconds with 360 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-11-22 21:22:52.974 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\verifier.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-20 19:45:57.621 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-20 19:45:57.224 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-28 06:37:33.668 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-28 06:37:33.314 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-23 16:42:34.076 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-03-23 16:42:33.732 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-23 16:42:18.687 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-23 16:42:18.269 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-23 16:36:39.124 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 50% Total physical RAM: 3069.21 MB Available physical RAM: 1511.39 MB Total Pagefile: 6364.71 MB Available Pagefile: 4304.68 MB Total Virtual: 2047.88 MB Available Virtual: 1921.45 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:113.46 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:3.57 GB) NTFS Drive f: (ST2014) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS Drive h: (USB-Festplatte) (Fixed) (Total:232.88 GB) (Free:25.24 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 50000000) Partition 1: (Not Active) - (Size=55 MB) - (Type=DE) Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS) Partition 3: (Active) - (Size=223 GB) - (Type=07 NTFS) 
======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 561C78FD) Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
10.04.2014, 21:11 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rechner verschickt emails Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter ProxyServer: localhost:21320 SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {565515EB-44B6-7C1D-1738-38655AB28CA5} URL = http://search.myheritage.com?orig=ds&q={searchTerms} SearchScopes: HKCU - {565515EB-44B6-7C1D-1738-38655AB28CA5} URL = SearchScopes: HKCU - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = Toolbar: HKCU - No Name - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - No File Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File CHR HomePage: http://www.buenosearch.com/?babsrc=HP_ss&mntrId=4AE60019D1636D6C&affID=128492&tt=300314_16&tsp=5204 C:\Users\Admin\AppData\Roaming\desktop.ini C:\Users\Admin\CitrixOnlinePluginWeb.exe C:\Users\Admin\IKEA_Home_Planner_FY10.exe C:\Users\Admin\AppData\Local\Temp\avgnt.exe C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxi7lxj.dll C:\Users\Admin\AppData\Local\Temp\Quarantine.exe Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Please always post log files in CODE tags |
11.04.2014, 06:51 | #11 |
| Computer is sending emails and here is the result Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by Admin at 2014-04-11 07:49:58 Run:1
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyServer: localhost:21320
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {565515EB-44B6-7C1D-1738-38655AB28CA5} URL = hxxp://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKCU - {565515EB-44B6-7C1D-1738-38655AB28CA5} URL =
SearchScopes: HKCU - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL =
Toolbar: HKCU - No Name - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
CHR HomePage: hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=4AE60019D1636D6C&affID=128492&tt=300314_16&tsp=5204
C:\Users\Admin\AppData\Roaming\desktop.ini
C:\Users\Admin\CitrixOnlinePluginWeb.exe
C:\Users\Admin\IKEA_Home_Planner_FY10.exe
C:\Users\Admin\AppData\Local\Temp\avgnt.exe
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxi7lxj.dll
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{565515EB-44B6-7C1D-1738-38655AB28CA5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{565515EB-44B6-7C1D-1738-38655AB28CA5} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{565515EB-44B6-7C1D-1738-38655AB28CA5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{565515EB-44B6-7C1D-1738-38655AB28CA5} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BE28C22E-F666-424d-B5FD-125C4AFEE34E} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61D1C847-DF80-423A-8C6D-DC03B97E6EBE} => Value deleted successfully.
HKCR\CLSID\{61D1C847-DF80-423A-8C6D-DC03B97E6EBE} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
CHR HomePage: hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=4AE60019D1636D6C&affID=128492&tt=300314_16&tsp=5204 ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Admin\AppData\Roaming\desktop.ini => Moved successfully.
C:\Users\Admin\CitrixOnlinePluginWeb.exe => Moved successfully.
C:\Users\Admin\IKEA_Home_Planner_FY10.exe => Moved successfully.
C:\Users\Admin\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxi7lxj.dll => Moved successfully.
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ==== |
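A fix result like the one in post #11 can be checked mechanically. The following is an added example (not part of the thread and not FRST's own code) that parses the result lines and flags entries FRST left unchanged. The function names and the done/absent/manual labels are assumptions, and the sample is an excerpt of the posted log re-split to one entry per line.

```python
import re

# Excerpt of the fix result from post #11, re-split to one entry per line
# (assumption: that is how the Fixlog.txt file itself is laid out).
FIXLOG = r"""Content of fixlist:
*****************
ProxyServer: localhost:21320
CHR HomePage: hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=4AE60019D1636D6C&affID=128492&tt=300314_16&tsp=5204
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
*****************
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{565515EB-44B6-7C1D-1738-38655AB28CA5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{565515EB-44B6-7C1D-1738-38655AB28CA5} => Key not found.
CHR HomePage: hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=4AE60019D1636D6C&affID=128492&tt=300314_16&tsp=5204 ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe => Moved successfully.
==== End of Fixlog ====
"""

# A result line reads "target => result" or "target ==> result".
ENTRY = re.compile(r"^(?P<target>.+?)\s+={1,2}>\s+(?P<result>.+)$")

def classify(result):
    """Map the result text to a status label (labels are this example's own)."""
    text = result.lower()
    if "successfully" in text:
        return "done"
    if "not found" in text:
        return "absent"   # nothing was there to remove
    return "manual"       # the tool changed nothing; follow up by hand

def parse_fixlog(log):
    """Return (target, result, status) for each result line after the echoed fixlist."""
    entries, stars = [], 0
    for line in log.splitlines():
        line = line.strip()
        if line and set(line) == {"*"}:
            stars += 1    # the echoed fixlist sits between two rows of asterisks
            continue
        if stars < 2:
            continue
        m = ENTRY.match(line)
        if m:
            entries.append((m["target"], m["result"], classify(m["result"])))
    return entries

def needs_follow_up(log):
    """Targets that were neither fixed nor already absent."""
    return [target for target, _, status in parse_fixlog(log) if status == "manual"]
```

On this excerpt the only flagged entry is the Chrome homepage, which the MBAM log in post #15 then reports as replaced in the Chrome preferences file.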
11.04.2014, 09:23 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer is sending emails Okay, then please run control scans with MBAM and ESET: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post log files in CODE tags |
13.04.2014, 15:03 | #13 |
| Computer is sending emails Hello cosinus, I was away for two days, and my computer has not confronted me with any more undeliverable emails. I still received your message with the text: "Okay, then please run control scans with MBAM and ESET:" Sorry, but could you give me a pointer again on how I should carry this out? Thanks. |
13.04.2014, 22:50 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer is sending emails How about reading the post in full? The instructions are right below it!
__________________ Please always post log files in CODE tags |
14.04.2014, 21:39 | #15 |
| Computer is sending emails Sorry, I did not notice that we are now on page 2, so I did not read the information. But now here is the log from MBAM Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 14.04.2014
Suchlauf-Zeit: 22:20:28
Logdatei:
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.14.07
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Admin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 271931
Verstrichene Zeit: 33 Min, 49 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 14
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, In Quarantäne, [956b639d6c948c741b2be267ee145aa6],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, In Quarantäne, [956b639d6c948c741b2be267ee145aa6],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, In Quarantäne, [956b639d6c948c741b2be267ee145aa6],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, In Quarantäne, [956b639d6c948c741b2be267ee145aa6],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, In Quarantäne, [956b639d6c948c741b2be267ee145aa6],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, In Quarantäne, [956b639d6c948c741b2be267ee145aa6],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, In Quarantäne, [956b639d6c948c741b2be267ee145aa6],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, In Quarantäne, [956b639d6c948c741b2be267ee145aa6],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, In Quarantäne, [956b639d6c948c741b2be267ee145aa6],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, In Quarantäne, [956b639d6c948c741b2be267ee145aa6],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, In Quarantäne, [956b639d6c948c741b2be267ee145aa6],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, In Quarantäne, [956b639d6c948c741b2be267ee145aa6],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, In Quarantäne, [956b639d6c948c741b2be267ee145aa6],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, In Quarantäne, [956b639d6c948c741b2be267ee145aa6],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 5
PUP.Optional.RegCleanerPro, C:\Users\Admin\Downloads\rcpsetup_matomy_my30679 (1).exe, In Quarantäne, [936d867a8f71ce3235076d988e73de22],
PUP.Optional.RegCleanerPro, C:\Users\Admin\Downloads\rcpsetup_matomy_my30679.exe, In Quarantäne, [01ff39c70af6c53b53e90203fa07e31d],
PUP.Optional.Wajam.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpmbfleldcgkldadpdinhjjopdfpjfjp_0.localstorage, In Quarantäne, [7e822bd525db7c8485b3f87328dac33d],
PUP.Optional.BuenoSearch.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences, Gut: (), Schlecht: ( "homepage": "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=4AE60019D1636D6C&affID=128492&tt=300314_16&tsp=5204",), Ersetzt,[42bedb250df3b14f31d493bb71937a86]
PUP.Optional.BuenoSearch.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=4AE60019D1636D6C&affID=128492&tt=300314_16&tsp=5204" ]), Ersetzt,[6799e51bb05059a765d2bb9358ac13ed]

Physische Sektoren: 0
(No malicious items detected)

(end) |