| |
| |||||||
Log-Analyse und Auswertung: Bank hat Online-Banking gesperrt wegen Verdacht von TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
05.06.2014, 19:56
| #1 |
 |  Bank hat Online-Banking gesperrt wegen Verdacht von Trojaner Beim Einloggen zum Online-Banking der Sparkasse erhielt ich die Mitteilung, dass der Zugang gesperrt wurde. Am selben Tag kam noch Post von der Sparkasse, dass die Onlinebanking-Zugangsdaten auf einem von Trojanern genutzem Pishing-Server gefunden wurden und deshalb die Zugangsdaten durch die Sparkasse gesperrt wurden. Bisher ist mir nur aufgefallen, dass ich nicht mehr aus dem Internet Explorer heraus drucken kann, bei den Downloads dauerte die Sicherheitsüberprüfung extrem lange und der PC war zudem sehr langsam. Sonstige Unregelmäßigkeiten konnte ich jedoch nicht feststellen. Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-06-2014
Ran by Sonja (administrator) on SONJA-PC on 05-06-2014 20:12:23
Running from C:\Users\Sonja\Downloads
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\SoftwareUpdater\UpdaterService.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files\003\vxlsnyaiet32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
() C:\Program Files\SoftwareUpdater\AppsUpdater.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1573584 2012-10-29] (Ask)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13601312 2009-06-24] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2009-06-24] (NVIDIA Corporation)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44128 2006-11-08] (soft thinks)
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3630345418-880999805-3251746199-1000\...\Run: [ISUSPM Startup] => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
HKU\S-1-5-21-3630345418-880999805-3251746199-1000\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247768 2012-08-28] (TomTom)
HKU\S-1-5-21-3630345418-880999805-3251746199-1000\...\Run: [svñhîst] => %USERPROFILE%\AppData\Local\Temp\wpbt0.dll <===== ATTENTION
HKU\S-1-5-21-3630345418-880999805-3251746199-1000\...\Run: [utyakwd] => regsvr32.exe "C:\ProgramData\utyakwd.dat"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1398932053&from=adks&uid=395049983_266114_D821E438&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1398932053&from=adks&uid=395049983_266114_D821E438
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1398932053&from=adks&uid=395049983_266114_D821E438
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1398932053&from=adks&uid=395049983_266114_D821E438&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1398932053&from=adks&uid=395049983_266114_D821E438&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1398932053&from=adks&uid=395049983_266114_D821E438
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1398932053&from=adks&uid=395049983_266114_D821E438&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1398932053&from=adks&uid=395049983_266114_D821E438&q={searchTerms}
SearchScopes: HKLM - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm204YYDE&ptb=gzHzwjRMwEaBmECfkO2gSg&ind=2010121210&ptnrS=RGxdm204YYDE&si=2845&n=77d003fa&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
SearchScopes: HKLM - {FD524BA7-ACF0-49FE-9360-E6BCCDCC5412} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119721&babsrc=SP_ss&mntrId=d821e438000000000000001a73467026
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119721&babsrc=SP_ss&mntrId=d821e438000000000000001a73467026
SearchScopes: HKCU - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm204YYDE&ptb=gzHzwjRMwEaBmECfkO2gSg&ind=2010121210&ptnrS=RGxdm204YYDE&si=2845&n=77d003fa&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
SearchScopes: HKCU - {FA62F52A-5E85-49EC-85FA-7DDDA0C3EE0D} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=a08f2769-e56e-4474-8086-1fe60438f386&apn_sauid=80E447C6-CC24-4092-9579-6D95E642EB6C
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
Toolbar: HKCU - No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
Toolbar: HKCU - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mywebsearch.com/Plugin - C:\Program Files\MyWebSearch\bar\2.bin\NPMyWebS.dll (MyWebSearch.com)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2009-09-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-08-14]
FF HKLM\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files\MyWebSearch\bar\2.bin
FF Extension: My Web Search - C:\Program Files\MyWebSearch\bar\2.bin [2011-04-26]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-08-14]
========================== Services (Whitelisted) =================
S3 AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [126976 2006-06-26] (Hewlett-Packard Development Company, L.P.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-06-04] (Avira Operations GmbH & Co. KG)
R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [270431 2006-11-25] ()
R2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [118877 2006-11-25] ()
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [58984 2006-12-04] (Hewlett-Packard)
R3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.)
S2 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 SrvUpdater; C:\Program Files\SoftwareUpdater\UpdaterService.exe [31744 2012-12-21] ()
R2 vxlsnyaiet32; C:\Program Files\003\vxlsnyaiet32.exe [541696 2014-05-01] ()
S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S2 MyWebSearchService; No ImagePath
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [145920 2006-11-18] (Conexant Systems Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 WinPhlash; C:\SwSetup\sp48125\SWinFlash\PHLASHNT.SYS [31616 2006-09-06] ()
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}t; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}t.sys [55224 2014-04-28] (StdLib)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
U4 eabfiltr;
S3 HSXHWAZL; system32\DRIVERS\HSXHWAZL.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 kl1; system32\DRIVERS\kl1.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 TSP; system32\DRIVERS\klif.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-05 20:12 - 2014-06-05 20:13 - 00018385 _____ () C:\Users\Sonja\Downloads\FRST.txt
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ___DC () C:\FRST
2014-06-05 20:11 - 2014-06-05 20:11 - 01059840 _____ (Farbar) C:\Users\Sonja\Downloads\FRST.exe
2014-06-05 20:10 - 2014-06-05 20:11 - 00000472 _____ () C:\Users\Sonja\Downloads\defogger_disable.log
2014-06-05 20:10 - 2014-06-05 20:10 - 00000000 _____ () C:\Users\Sonja\defogger_reenable
2014-06-05 20:08 - 2014-06-05 20:08 - 00050477 _____ () C:\Users\Sonja\Downloads\Defogger.exe
2014-05-16 07:32 - 2014-05-16 07:32 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-16 07:29 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 07:29 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 07:29 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 06:43 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-12 13:31 - 2014-05-12 13:31 - 00279160 _____ (Microsoft Corporation) C:\ProgramData\utyakwd.dat
==================== One Month Modified Files and Folders =======
2014-06-05 20:13 - 2014-06-05 20:12 - 00018385 _____ () C:\Users\Sonja\Downloads\FRST.txt
2014-06-05 20:13 - 2007-06-05 10:24 - 00000000 ____D () C:\Users\Sonja\AppData\Local\Temp
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ___DC () C:\FRST
2014-06-05 20:11 - 2014-06-05 20:11 - 01059840 _____ (Farbar) C:\Users\Sonja\Downloads\FRST.exe
2014-06-05 20:11 - 2014-06-05 20:10 - 00000472 _____ () C:\Users\Sonja\Downloads\defogger_disable.log
2014-06-05 20:10 - 2014-06-05 20:10 - 00000000 _____ () C:\Users\Sonja\defogger_reenable
2014-06-05 20:10 - 2007-06-05 10:24 - 00000000 ____D () C:\Users\Sonja
2014-06-05 20:09 - 2007-06-05 20:01 - 01738059 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 20:08 - 2014-06-05 20:08 - 00050477 _____ () C:\Users\Sonja\Downloads\Defogger.exe
2014-06-05 20:03 - 2014-01-11 13:05 - 00074624 _____ () C:\ProgramData\nvModes.001
2014-06-05 20:02 - 2014-05-01 10:32 - 00000282 _____ () C:\Windows\Tasks\FF Watcher {94748EF8-EB34-417D-BE4E-6D92D9D1E18E}.job
2014-06-05 20:00 - 2011-05-10 22:51 - 00241136 _____ () C:\Windows\PFRO.log
2014-06-05 20:00 - 2011-05-10 19:34 - 00000000 ____D () C:\Program Files\Trojan Remover
2014-06-05 20:00 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 20:00 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 20:00 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 19:59 - 2006-11-02 15:01 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-05 19:38 - 2014-01-11 13:05 - 00074624 _____ () C:\ProgramData\nvModes.dat
2014-06-05 09:30 - 2010-03-30 20:02 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-04 07:41 - 2012-12-18 20:02 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-04 07:41 - 2012-12-18 20:02 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-27 13:36 - 2011-02-23 21:11 - 00000000 ____D () C:\Users\Sonja\Documents\Sonja
2014-05-17 20:45 - 2011-08-04 20:32 - 00000000 ____D () C:\Users\Sonja\AppData\Local\.elfohilfe
2014-05-17 08:12 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 07:38 - 2009-01-13 19:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 07:37 - 2013-08-19 11:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 07:33 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-16 07:32 - 2014-05-16 07:32 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 12:01 - 2010-04-05 13:28 - 00003300 ____C () C:\fpRedmon.log
2014-05-15 12:01 - 2010-04-05 13:28 - 00000000 ____D () C:\Users\Sonja\AppData\Local\FreePDF_XP
2014-05-13 17:56 - 2011-05-01 13:28 - 00000000 ____D () C:\Users\Sonja\EST
2014-05-12 18:21 - 2007-07-09 21:13 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-05-12 13:31 - 2014-05-12 13:31 - 00279160 _____ (Microsoft Corporation) C:\ProgramData\utyakwd.dat
2014-05-06 01:32 - 2014-05-16 07:29 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 01:14 - 2014-05-16 07:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 01:14 - 2014-05-16 07:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
Files to move or delete:
====================
C:\ProgramData\utyakwd.dat
Some content of TEMP:
====================
C:\Users\Sonja\AppData\Local\Temp\avgnt.exe
C:\Users\Sonja\AppData\Local\Temp\BackupSetup.exe
C:\Users\Sonja\AppData\Local\Temp\nsl84A9.tmp.exe
C:\Users\Sonja\AppData\Local\Temp\sqlite3.exe
C:\Users\Sonja\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Sonja\AppData\Local\Temp\System.Data.SQLite25314.dll
C:\Users\Sonja\AppData\Local\Temp\System.Data.SQLite99741.dll
C:\Users\Sonja\AppData\Local\Temp\uninst1.exe
C:\Users\Sonja\AppData\Local\Temp\v-bates.exe
C:\Users\Sonja\AppData\Local\Temp\_is3370.exe
C:\Users\Sonja\AppData\Local\Temp\_is3BA8.exe
C:\Users\Sonja\AppData\Local\Temp\_is4865.exe
C:\Users\Sonja\AppData\Local\Temp\_is5D3C.exe
C:\Users\Sonja\AppData\Local\Temp\_isAC74.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-06-05 20:11
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:02-06-2014
Ran by Sonja at 2014-06-05 20:14:17
Running from C:\Users\Sonja\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Reader 8.1.3 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A81300000003}) (Version: 8.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 10.3.0.24 - Adobe Systems, Inc.)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.11.0 - Ask.com) <==== ATTENTION
ASL_HS_Installer32 (Version: 1.0.9 - Hewlett-Packard) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.3.30498 - Ask.com) <==== ATTENTION
BPM-Studio 4 Profi (HKLM\...\BPM-Studio 4 Profi) (Version: - )
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 5.10.38.26 - Broadcom Corporation)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: - )
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DocMgr (Version: 100.0.201.000 - Hewlett-Packard) Hidden
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
ElsterFormular 2006/2007 (HKLM\...\{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}) (Version: 8.1.0.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2007/2008 (HKLM\...\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}) (Version: 9.1.0.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2008/2009 (HKLM\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.3.1.0 - Steuerverwaltung des Bundes und der Länder)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - )
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version: - )
Hewlett-Packard Active Check (Version: 1.1.4.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent (Version: 2.0.55.0 - HP) Hidden
HP Active Support Library (Version: 1.0.21 - Hewlett-Packard) Hidden
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Document Manager 1.0 (HKLM\...\HP Document Manager) (Version: 1.0 - HP)
HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 1.00.0000 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.00.0000 - Hewlett-Packard)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
HP QuickPlay 3.0 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Support Solutions Framework (HKLM\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
HP Update (HKLM\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard)
HP User Guide 0041 (HKLM\...\{D5CEFEDA-38DF-4F94-A392-C86163CB9965}) (Version: 1.00.0008 - Ihr Firmenname)
HP Wireless Assistant (HKLM\...\{D32067CD-7409-4792-BFA0-1469BCD8F0C8}) (Version: 3.00 F1 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Java(TM) 6 Update 16 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 6 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)
Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexware business office pro 2007 (Version: 7.00 - Lexware) Hidden
Lexware business office pro 2008 (Version: 8.00.00.0084 - Lexware) Hidden
Lexware business office pro Aktualisierung Februar 2008, Version 8.20 (Version: 8.20.00.0016 - Lexware) Hidden
Lexware Business office pro Aktualisierung Februar 2009, Version 9.20 (Version: 9.20.00.0024 - Lexware) Hidden
Lexware business office pro Aktualisierung Januar 2008, Version 8.10 (Version: 8.10.00.0021 - Lexware) Hidden
LightScribe 1.4.124.1 (Version: 1.4.124.1 - hxxp://www.lightscribe.com) Hidden
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Basic 2007 (HKLM\...\BASICR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Basic 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Thunderbird (3.1.7) (HKLM\...\Mozilla Thunderbird (3.1.7)) (Version: 3.1.7 (de) - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
RENESIS® Player Browser Plugins (HKLM\...\{62B7C52C-CAB6-48B1-8245-52356C141C92}) (Version: 1.1.1 - examotion® GmbH)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}) (Version: 9.0.114 - Roxio)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (HKLM\...\Samsung Scan Assistant) (Version: 1.05.07 (20.07.2012) - Samsung Electronics Co., Ltd.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Servicepack Datumsaktualisierung (Version: 1.00.00.0005 - Haufe-Lexware) Hidden
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SoftwareUpdater (HKLM\...\SoftwareUpdater) (Version: - )
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)
TomTom HOME (HKLM\...\{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}) (Version: 2.9.2 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_BASICR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_BASICR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_BASICR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_BASICR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
==================== Restore Points =========================
==================== Hosts content: ==========================
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {12A18A08-CD69-43C1-9C90-26445111CB65} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {16EE96FF-EEFB-4722-8D9D-C82957CA03D1} - System32\Tasks\FF Watcher {94748EF8-EB34-417D-BE4E-6D92D9D1E18E} => C:\Program Files\V-bates\PrefHelper.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {29DB40C4-DF1C-4BB9-9BA3-A8B2E1C3EA0A} - System32\Tasks\Microsoft\Windows\RestartManager\{DAE54BFC-0BDF-4e52-A9E8-0AF1BE3BE28F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {4C29AA75-F4A7-47FE-9DE5-2D5FD5AD4AA3} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-10-29] () <==== ATTENTION
Task: {6635AD3B-DA42-4324-87BB-D58F45C726A5} - System32\Tasks\Hewlett-Packard-Online-Aktualisierungsprogramm => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2006-12-04] (Hewlett-Packard)
Task: {8F6EBC33-B779-4643-8448-1C4CDE96A393} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {A4918493-EF5D-42BE-81E9-DCC0D9D68A93} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {A7D784AB-EAEC-467D-BEE0-1D69AD76A2EA} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2008-11-03] (Lexware GmbH & Co. KG)
Task: {D1CD1915-CD34-41DA-B98F-F20D2FB57E79} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-01-12] (Hewlett-Packard)
Task: {D3ABB18C-61D6-41C8-92BF-AD9976C5618F} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Sonja => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {DA8DC243-8B51-4CE0-9E6D-8D3E204CFAE6} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EC3FB6EA-5415-48D9-9B85-DEDAB010ED24} - System32\Tasks\HP Health Check => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2006-12-04] (Hewlett-Packard)
Task: {F4065F46-CCC2-419E-BF3C-D106F608F04A} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {F5AB1F0D-9A42-4872-BF87-A1FD9FF6E40D} - System32\Tasks\Sun Microsystems-Online-Aktualisierungsprogramm => C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-26] (Sun Microsystems, Inc.)
Task: {FFCF8DCF-6CF0-41BE-9BFB-7C3759BF6162} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\FF Watcher {94748EF8-EB34-417D-BE4E-6D92D9D1E18E}.job => C:\Program Files\V-bates\PrefHelper.exe
==================== Loaded Modules (whitelisted) =============
2010-04-05 13:27 - 2005-01-06 18:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2011-06-16 05:11 - 2011-06-16 05:11 - 00024064 _____ () C:\Windows\System32\ssn2mlm.dll
2011-06-16 05:10 - 2013-10-22 06:12 - 00889344 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\ssn2mdu.dll
2007-01-19 05:44 - 2006-11-25 01:34 - 00270431 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
2007-01-19 05:44 - 2006-11-25 01:34 - 00233573 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2007-01-19 05:44 - 2006-11-25 01:34 - 00032768 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
2012-12-21 12:00 - 2012-12-21 12:00 - 00031744 ____C () C:\Program Files\SoftwareUpdater\UpdaterService.exe
2014-05-01 10:17 - 2014-05-01 10:17 - 00541696 ____C () C:\Program Files\003\vxlsnyaiet32.exe
2007-01-19 05:44 - 2006-11-25 01:34 - 00118877 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
2007-01-19 05:44 - 2006-11-25 01:34 - 00114783 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
2007-01-19 05:44 - 2006-11-25 01:34 - 00339968 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
2013-01-02 11:06 - 2013-01-02 11:06 - 00099840 ____C () C:\Program Files\SoftwareUpdater\AppsUpdater.exe
2012-12-11 17:05 - 2012-12-11 17:05 - 00091648 ____C () C:\Program Files\SoftwareUpdater\KeyGen.dll
2008-10-15 01:03 - 2008-10-15 01:03 - 03076096 ____C () c:\program files\adobe\reader 8.0\reader\rdlang32.deu
2007-05-11 02:54 - 2007-05-11 02:54 - 00036864 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Spelling.DEU
2007-05-11 02:53 - 2007-05-11 02:53 - 00974848 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PPKLite.DEU
2007-05-11 02:50 - 2007-05-11 02:50 - 00077824 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Accessibility.DEU
2007-05-11 02:50 - 2007-05-11 02:50 - 00811008 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\AcroForm.DEU
2007-05-11 02:51 - 2007-05-11 02:51 - 01224704 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Annots.DEU
2007-05-11 02:51 - 2007-05-11 02:51 - 00192512 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Checkers.DEU
2007-05-11 02:51 - 2007-05-11 02:51 - 00221184 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\DigSig.DEU
2006-10-23 01:30 - 2006-10-23 01:30 - 00028672 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\eBook.DEU
2008-01-11 21:49 - 2008-01-11 21:49 - 00098304 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EScript.DEU
2007-05-11 02:52 - 2007-05-11 02:52 - 00006656 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EWH32.DEU
2006-10-23 01:31 - 2006-10-23 01:31 - 00013312 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\HLS.DEU
2007-05-11 02:52 - 2007-05-11 02:52 - 00086016 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\MakeAccessible.DEU
2007-05-11 02:52 - 2007-05-11 02:52 - 00159744 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.DEU
2006-10-23 01:32 - 2006-10-23 01:32 - 00011264 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PDDom.DEU
2007-05-11 02:53 - 2007-05-11 02:53 - 00013312 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.DEU
2006-10-23 01:33 - 2006-10-23 01:33 - 00008192 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\reflow.DEU
2007-05-11 02:53 - 2007-05-11 02:53 - 00028672 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.DEU
2007-05-11 02:54 - 2007-05-11 02:54 - 00053248 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search.DEU
2006-10-23 01:33 - 2006-10-23 01:33 - 00012288 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search5.DEU
2007-05-11 02:54 - 2007-05-11 02:54 - 00026112 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SendMail.DEU
2006-10-23 01:34 - 2006-10-23 01:34 - 00005120 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Updater.DEU
2007-05-11 02:55 - 2007-05-11 02:55 - 00053248 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\weblink.DEU
2007-01-13 03:01 - 2007-01-13 03:01 - 00397312 ___RC () C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll
2007-01-13 03:01 - 2007-01-13 03:01 - 00475136 ___RC () C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Sonja:zylomtest
AlternateDataStreams: C:\Users\Sonja:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVVB}
AlternateDataStreams: C:\Users\Sonja:zylomtr{000HQ7FF-AD7A-3FG4-OK39-27NOI1CL8VVO}
AlternateDataStreams: C:\ProgramData\TEMP:0BBF232A
AlternateDataStreams: C:\ProgramData\TEMP:1392F09D
AlternateDataStreams: C:\ProgramData\TEMP:1ECED34B
AlternateDataStreams: C:\ProgramData\TEMP:23834E1E
AlternateDataStreams: C:\ProgramData\TEMP:24C072FF
AlternateDataStreams: C:\ProgramData\TEMP:29629382
AlternateDataStreams: C:\ProgramData\TEMP:29F0CA7D
AlternateDataStreams: C:\ProgramData\TEMP:2AE74FF9
AlternateDataStreams: C:\ProgramData\TEMP:2E3F04BC
AlternateDataStreams: C:\ProgramData\TEMP:3086B95F
AlternateDataStreams: C:\ProgramData\TEMP:32A82570
AlternateDataStreams: C:\ProgramData\TEMP:370E4EFB
AlternateDataStreams: C:\ProgramData\TEMP:397D67BA
AlternateDataStreams: C:\ProgramData\TEMP:3A7527E8
AlternateDataStreams: C:\ProgramData\TEMP:4A448DB2
AlternateDataStreams: C:\ProgramData\TEMP:4A906D4A
AlternateDataStreams: C:\ProgramData\TEMP:4DCAC4BC
AlternateDataStreams: C:\ProgramData\TEMP:4DDE401B
AlternateDataStreams: C:\ProgramData\TEMP:50092C64
AlternateDataStreams: C:\ProgramData\TEMP:5080697C
AlternateDataStreams: C:\ProgramData\TEMP:512E1728
AlternateDataStreams: C:\ProgramData\TEMP:535F54F3
AlternateDataStreams: C:\ProgramData\TEMP:572631AC
AlternateDataStreams: C:\ProgramData\TEMP:5FFC2819
AlternateDataStreams: C:\ProgramData\TEMP:627153F1
AlternateDataStreams: C:\ProgramData\TEMP:697DDE2B
AlternateDataStreams: C:\ProgramData\TEMP:6A4353C3
AlternateDataStreams: C:\ProgramData\TEMP:6F0B6A5A
AlternateDataStreams: C:\ProgramData\TEMP:71612023
AlternateDataStreams: C:\ProgramData\TEMP:74165027
AlternateDataStreams: C:\ProgramData\TEMP:7ADB695A
AlternateDataStreams: C:\ProgramData\TEMP:80F63EC3
AlternateDataStreams: C:\ProgramData\TEMP:848CC150
AlternateDataStreams: C:\ProgramData\TEMP:870649A4
AlternateDataStreams: C:\ProgramData\TEMP:8B4B9596
AlternateDataStreams: C:\ProgramData\TEMP:8E5EA40F
AlternateDataStreams: C:\ProgramData\TEMP:95198126
AlternateDataStreams: C:\ProgramData\TEMP:A02025CE
AlternateDataStreams: C:\ProgramData\TEMP:AECF4772
AlternateDataStreams: C:\ProgramData\TEMP:AED33A42
AlternateDataStreams: C:\ProgramData\TEMP:B0456F0C
AlternateDataStreams: C:\ProgramData\TEMP:B1786630
AlternateDataStreams: C:\ProgramData\TEMP:B5CC7C28
AlternateDataStreams: C:\ProgramData\TEMP:C0893153
AlternateDataStreams: C:\ProgramData\TEMP:C48A983C
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\TEMP:CC4C59B4
AlternateDataStreams: C:\ProgramData\TEMP:CF61CE5A
AlternateDataStreams: C:\ProgramData\TEMP:D3A89E47
AlternateDataStreams: C:\ProgramData\TEMP:DAE3E5CC
AlternateDataStreams: C:\ProgramData\TEMP:DC0B1070
AlternateDataStreams: C:\ProgramData\TEMP:DE875C30
AlternateDataStreams: C:\ProgramData\TEMP:DE9AC04F
AlternateDataStreams: C:\ProgramData\TEMP:E2CFA9CD
AlternateDataStreams: C:\ProgramData\TEMP:E411AA0D
AlternateDataStreams: C:\ProgramData\TEMP:E7B4296D
AlternateDataStreams: C:\ProgramData\TEMP:EA10407C
AlternateDataStreams: C:\ProgramData\TEMP:ED2998F5
AlternateDataStreams: C:\ProgramData\TEMP:EE39C93C
AlternateDataStreams: C:\ProgramData\TEMP:F792B89F
AlternateDataStreams: C:\ProgramData\TEMP:F8F070C2
AlternateDataStreams: C:\ProgramData\TEMP:FAB64002
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: avupdate => C:\Users\Sonja\AppData\Roaming\jashla.exe
MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files\FreePDF_XP\fpassist.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SynTPStart => C:\Program Files\Synaptics\SynTP\SynTPStart.exe
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
==================== Faulty Device Manager Devices =============
Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{54590120-21CF-4893-975C-812906F9A42D}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{8767ED90-5E37-4200-B983-85F309D00935}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/05/2014 08:14:22 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (06/05/2014 08:14:22 PM) (Source: VSS) (EventID: 40) (User: )
Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter"
(SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (06/05/2014 07:54:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung IEXPLORE.EXE, Version 9.0.8112.16545, Zeitstempel 0x531a4f73, fehlerhaftes Modul urlmon.dll, Version 9.0.8112.16545, Zeitstempel 0x531a5031, Ausnahmecode 0xc0000005, Fehleroffset 0x00029dba,
Prozess-ID 0xe54, Anwendungsstartzeit IEXPLORE.EXE0.
Error: (06/05/2014 02:45:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16545, Zeitstempel 0x531a4f73, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00775467,
Prozess-ID 0x28ac, Anwendungsstartzeit iexplore.exe0.
Error: (06/02/2014 03:35:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung LxUpdateManager.exe, Version 2.61.0.12, Zeitstempel 0x490efad6, fehlerhaftes Modul KERNEL32.dll, Version 6.0.6002.19034, Zeitstempel 0x52f2ec86, Ausnahmecode 0xe0434f4d, Fehleroffset 0x0003fd1e,
Prozess-ID 0x%9, Anwendungsstartzeit LxUpdateManager.exe0.
Error: (05/30/2014 08:54:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16545, Zeitstempel 0x531a4f73, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000005, Fehleroffset 0x0003dd6d,
Prozess-ID 0x1324, Anwendungsstartzeit iexplore.exe0.
Error: (05/26/2014 03:47:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung LxUpdateManager.exe, Version 2.61.0.12, Zeitstempel 0x490efad6, fehlerhaftes Modul KERNEL32.dll, Version 6.0.6002.19034, Zeitstempel 0x52f2ec86, Ausnahmecode 0xe0434f4d, Fehleroffset 0x0003fd1e,
Prozess-ID 0x%9, Anwendungsstartzeit LxUpdateManager.exe0.
Error: (05/23/2014 00:46:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16545, Zeitstempel 0x531a4f73, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x008a95f6,
Prozess-ID 0x238, Anwendungsstartzeit iexplore.exe0.
Error: (05/16/2014 07:38:52 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows-Modulinstallation; Hr = 0x8004230f).
Error: (05/16/2014 07:38:52 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien löschen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 0
Snapshotkontext: 0
Ausführungskontext: Coordinator
System errors:
=============
Error: (06/05/2014 08:03:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058
Error: (06/05/2014 08:02:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: HP CUE DeviceDiscovery Service%%2147500037
Error: (06/05/2014 08:02:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: kl1
Error: (06/05/2014 08:02:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Diagnosediensthost
Error: (06/05/2014 08:02:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
Error: (06/05/2014 08:02:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows-BilderfassungShellhardwareerkennung%%1058
Error: (06/05/2014 08:02:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: My Web Search Service%%3
Error: (06/01/2014 07:09:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058
Error: (06/01/2014 07:09:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: HP CUE DeviceDiscovery Service%%2147500037
Error: (06/01/2014 07:09:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: kl1
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 53%
Total physical RAM: 1981.87 MB
Available physical RAM: 912.92 MB
Total Pagefile: 4209.02 MB
Available Pagefile: 2912.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.48 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:106.56 GB) (Free:32.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:5.23 GB) (Free:1.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 112 GB) (Disk ID: EBD671CE)
Partition 1: (Active) - (Size=107 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:10 on 05/06/2014 (Sonja)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-05 20:40:47
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000066 ST912082 rev.7.24 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Sonja\AppData\Local\Temp\ugloypow.sys
---- System - GMER 2.1 ----
SSDT 89E5E6E6 ZwCreateSection
SSDT 89E5E6F0 ZwRequestWaitReplyPort
SSDT 89E5E6EB ZwSetContextThread
SSDT 89E5E6F5 ZwSetSecurityObject
SSDT 89E5E6FA ZwSystemDebugControl
SSDT 89E5E687 ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetEvent + 215 824ED860 4 Bytes [E6, E6, E5, 89] {OUT 0xe6, AL; IN EAX, 0x89}
.text ntkrnlpa.exe!KeSetEvent + 539 824EDB84 4 Bytes [F0, E6, E5, 89]
.text ntkrnlpa.exe!KeSetEvent + 56D 824EDBB8 4 Bytes [EB, E6, E5, 89] {JMP 0xffffffe8; IN EAX, 0x89}
.text ntkrnlpa.exe!KeSetEvent + 5D1 824EDC1C 4 Bytes [F5, E6, E5, 89]
.text ntkrnlpa.exe!KeSetEvent + 619 824EDC64 4 Bytes [FA, E6, E5, 89]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8BE0E340, 0x3ED9C7, 0xE8000020]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] kernel32.dll!CreateThread 777ECBEE 5 Bytes JMP 688475DB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!EnableWindow 765CCD8B 5 Bytes JMP 68889ED4 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DefWindowProcA 765CDB88 7 Bytes JMP 68849805 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!CreateWindowExA 765CDC2A 5 Bytes JMP 68853627 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!CreateWindowExW 765D1305 5 Bytes JMP 688B040F C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DefWindowProcW 765E03B4 7 Bytes JMP 688A8082 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DialogBoxParamW 765F10B0 5 Bytes JMP 687E18B3 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DialogBoxIndirectParamW 765F2EF5 5 Bytes JMP 689D91B6 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DialogBoxParamA 76608152 5 Bytes JMP 689D9151 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DialogBoxIndirectParamA 7660847D 5 Bytes JMP 689D921B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!MessageBoxIndirectA 7661D4D9 5 Bytes JMP 689D90D8 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!MessageBoxIndirectW 7661D5D3 5 Bytes JMP 689D905F C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!MessageBoxExA 7661D639 5 Bytes JMP 689D8FFB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!MessageBoxExW 7661D65D 5 Bytes JMP 689D8F97 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ole32.dll!OleLoadFromStream 77921E80 5 Bytes JMP 689D99A8 C:\Windows\system32\IEFRAME.dll
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp {9edd0ea8-2819-47c2-8320-b007d5996f8a}t.sys
AttachedDevice \Driver\tdx \Device\Udp {9edd0ea8-2819-47c2-8320-b007d5996f8a}t.sys
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
|
05.06.2014, 20:06
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Bank hat Online-Banking gesperrt wegen Verdacht von Trojaner Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten! Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
05.06.2014, 20:26
| #3 |
| | Bank hat Online-Banking gesperrt wegen Verdacht von Trojaner Leider hab ich keine weiteren Logs, hab alles durchsucht, aber nichts gefunden
__________________ |
|
05.06.2014, 20:32
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bank hat Online-Banking gesperrt wegen Verdacht von Trojaner Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
06.06.2014, 07:17
| #5 |
| | Bank hat Online-Banking gesperrt wegen Verdacht von Trojaner Hier die Combofix.txt: Code:
ATTFilter ComboFix 14-06-04.01 - Sonja 06.06.2014 7:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.1982.1094 [GMT 2:00]
ausgeführt von:: c:\users\Sonja\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFTBPR.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PATCH.DLL
c:\program files\MyWebSearch\bar\2.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\2.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\2.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\2.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\2.bin\m3SrchMn.exe.vir
c:\program files\MyWebSearch\bar\2.bin\M3TPINST.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL.vir
c:\program files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE.vir
c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL.vir
c:\program files\MyWebSearch\bar\2.bin\mwssvc.exe.vir
c:\program files\MyWebSearch\bar\2.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\programdata\ADSL Software Ltd
c:\programdata\ADSL Software Ltd\WinSpywareProtect\LOG\20080710205345734.log
c:\programdata\ADSL Software Ltd\WinSpywareProtect\LOG\20080710230039426.log
c:\programdata\ADSL Software Ltd\WinSpywareProtect\LOG\20080718152913070.log
c:\programdata\ADSL Software Ltd\WinSpywareProtect\LOG\20080718154227136.log
c:\programdata\ADSL Software Ltd\WinSpywareProtect\LOG\20080723092707758.log
c:\programdata\ADSL Software Ltd\WinSpywareProtect\LOG\20080723094132918.log
c:\programdata\ADSL Software Ltd\WinSpywareProtect\LOG\20080723094756996.log
c:\programdata\ADSL Software Ltd\WinSpywareProtect\LOG\20080723104133948.log
c:\programdata\ADSL Software Ltd\WinSpywareProtect\LOG\20080728071811844.log
c:\programdata\utyakwd.dat
c:\users\Sonja\AppData\Local\AnyProtectScannerSetup.exe
c:\users\Sonja\AppData\Local\nsc5D57.tmp
c:\users\Sonja\AppData\Roaming\MSA
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MyWebSearchService
-------\Service_SrvUpdater
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-05-06 bis 2014-06-06 ))))))))))))))))))))))))))))))
.
.
2014-06-05 18:12 . 2014-06-05 18:15 -------- dc----w- C:\FRST
2014-05-16 05:29 . 2014-05-05 23:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-04 05:41 . 2012-12-18 18:02 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-06-04 05:41 . 2012-12-18 18:02 93528 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-04-28 08:23 . 2014-05-02 12:49 55224 ----a-w- c:\windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}t.sys
2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-19 10:12 . 2014-05-01 08:18 18776 ----a-w- c:\windows\system32\roboot.exe
2014-02-21 16:21 . 2014-02-21 16:21 49940480 -c--a-w- c:\program files\GUTFC9B.tmp
2013-10-15 01:10 . 2013-10-15 01:10 50053120 -c--a-w- c:\program files\GUT6DC1.tmp
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-10-29 1573584]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-06-04 737872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2009-09-05 15:29 385024 ----a-w- c:\program files\FreePDF_XP\fpassist.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-28 01:05 1045800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 01:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-08-28 05:41 247768 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"Dvdwin"=c:\users\Sonja\AppData\Roaming\Freebus\xmlole.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"QPService"="c:\program files\HP\QuickPlay\QPService.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
rsmsvcs REG_MULTI_SZ ntmssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://start.qone8.com/?type=hp&ts=1398932053&from=adks&uid=395049983_266114_D821E438
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKCU-Run-svñhîst - c:\users\Sonja\AppData\Local\Temp\wpbt0.dll
HKCU-Run-utyakwd - c:\programdata\utyakwd.dat
HKLM-Run-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
SafeBoot-Wdf01000.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-avupdate - c:\users\Sonja\AppData\Roaming\jashla.exe
MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
mobilegeni daemon = c:\program files\Mobogenie\DaemonProcess.exe?????????????????????????????????????????????????????????????????????????????????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\programdata\IePluginService\PluginService.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Hp\Common\HPSupportSolutionsFrameworkService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\program files\003\vxlsnyaiet32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\ssText3d.scr
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-06-06 08:12:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-06-06 06:09
.
Vor Suchlauf: 16 Verzeichnis(se), 36.169.904.128 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 35.938.402.304 Bytes frei
.
- - End Of File - - 9B9CADECA9CF5F1B1F6CBFA4A18EEA28
1A1A06F62E891045814007163C1C76C3
|
|
06.06.2014, 08:39
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bank hat Online-Banking gesperrt wegen Verdacht von Trojaner Adware/Junkware/Toolbars entfernen 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ --> Bank hat Online-Banking gesperrt wegen Verdacht von Trojaner |
|
06.06.2014, 09:40
| #7 |
| | Bank hat Online-Banking gesperrt wegen Verdacht von Trojaner Alle Schritte wie angegeben ausgeführt, jedoch eine neue Addition.txt wurde nicht erzeugt: Code:
ATTFilter # AdwCleaner v3.212 - Bericht erstellt am 06/06/2014 um 09:53:12
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Sonja - SONJA-PC
# Gestartet von : C:\Users\Sonja\Desktop\adwcleaner_3.212.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : IePluginService
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\IePluginService
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\Alawar Entertainment
Ordner Gelöscht : C:\ProgramData\Alawar Stargaze
Ordner Gelöscht : C:\ProgramData\AlawarWrapper
Ordner Gelöscht : C:\Program Files\003
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Program Files\SoftwareUpdater
Ordner Gelöscht : C:\Program Files\SupTab
Ordner Gelöscht : C:\Program Files\V-bates
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\Public\Documents\AlawarWrapper
Ordner Gelöscht : C:\Users\Sonja\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Sonja\AppData\Local\iac
Ordner Gelöscht : C:\Users\Sonja\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Sonja\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Sonja\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Sonja\AppData\LocalLow\FunWebProducts
Ordner Gelöscht : C:\Users\Sonja\AppData\LocalLow\iac
Ordner Gelöscht : C:\Users\Sonja\AppData\LocalLow\MyWebSearch
Ordner Gelöscht : C:\Users\Sonja\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Sonja\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Sonja\AppData\Roaming\HELPER
Ordner Gelöscht : C:\Users\Sonja\AppData\Roaming\qone8
Ordner Gelöscht : C:\Users\Sonja\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\Sonja\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Sonja\AppData\Roaming\Alawar Entertainment
Ordner Gelöscht : C:\Users\Sonja\AppData\Roaming\Alawar Stargaze
Ordner Gelöscht : C:\Users\Sonja\Documents\Mobogenie
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Windows\system32\f3PSSavr.scr
Datei Gelöscht : C:\Windows\system32\roboot.exe
Datei Gelöscht : C:\Users\Sonja\daemonprocess.txt
Datei Gelöscht : C:\Users\Sonja\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaabfjnbeinlpljodiajipidiompfl
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C29AA75-F4A7-47FE-9DE5-2D5FD5AD4AA3}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C29AA75-F4A7-47FE-9DE5-2D5FD5AD4AA3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Schlüssel Gelöscht : HKCU\Software\fedcd8e138ef49
Schlüssel Gelöscht : HKLM\SOFTWARE\fedcd8e138ef49
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{799391D3-EB86-4BAC-9BD3-CBFEA58A0E15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\blockAndSurf
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Fun Web Products
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\FunWebProducts
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\MyWebSearch
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Supra Savings
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\LevelQualityWatcher
Schlüssel Gelöscht : HKLM\Software\qone8Software
Schlüssel Gelöscht : HKLM\Software\SoftwareUpdater
Schlüssel Gelöscht : HKLM\Software\suprasavings
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Trymedia Systems
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AnyProtect
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdater
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16545
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [26407 octets] - [06/06/2014 09:47:06]
AdwCleaner[S0].txt - [26171 octets] - [06/06/2014 09:53:12]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26232 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Sonja on 06.06.2014 at 10:16:25,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FA62F52A-5E85-49EC-85FA-7DDDA0C3EE0D}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Users\Sonja\AppData\Roaming\big fish games"
Successfully deleted: [Empty Folder] C:\Users\Sonja\appdata\local\{8893B0C4-34EF-4057-A84C-99BB5532C59F}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.06.2014 at 10:21:24,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-06-2014
Ran by Sonja (administrator) on SONJA-PC on 06-06-2014 10:35:02
Running from C:\Users\Sonja\Downloads
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\Sonja\Downloads\FRST (1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13601312 2009-06-24] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2009-06-24] (NVIDIA Corporation)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44128 2006-11-08] (soft thinks)
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKU\S-1-5-21-3630345418-880999805-3251746199-1000\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247768 2012-08-28] (TomTom)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {FD524BA7-ACF0-49FE-9360-E6BCCDCC5412} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2009-09-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-08-14]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-08-14]
========================== Services (Whitelisted) =================
S3 AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [126976 2006-06-26] (Hewlett-Packard Development Company, L.P.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-06-04] (Avira Operations GmbH & Co. KG)
R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [270431 2006-11-25] ()
R2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [118877 2006-11-25] ()
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [58984 2006-12-04] (Hewlett-Packard)
R3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.)
S2 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)
S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S2 vxlsnyaiet32; C:\Program Files\003\vxlsnyaiet32.exe run options=01100010030000000000000000000000 sourceguid=CB78F643-3729-434F-8C25-F28D15F025F3 [X]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [145920 2006-11-18] (Conexant Systems Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 WinPhlash; C:\SwSetup\sp48125\SWinFlash\PHLASHNT.SYS [31616 2006-09-06] ()
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}t; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}t.sys [55224 2014-04-28] (StdLib)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 eabfiltr;
S3 HSXHWAZL; system32\DRIVERS\HSXHWAZL.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 kl1; system32\DRIVERS\kl1.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 TSP; system32\DRIVERS\klif.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-06 10:34 - 2014-06-06 10:34 - 01059840 _____ (Farbar) C:\Users\Sonja\Downloads\FRST (1).exe
2014-06-06 10:21 - 2014-06-06 10:21 - 00001163 _____ () C:\Users\Sonja\Desktop\JRT.txt
2014-06-06 10:16 - 2014-06-06 10:16 - 00000000 ____D () C:\Windows\ERUNT
2014-06-06 10:15 - 2014-06-06 10:15 - 01016261 _____ (Thisisu) C:\Users\Sonja\Downloads\JRT.exe
2014-06-06 09:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-06 09:46 - 2014-06-06 09:54 - 00000000 ___DC () C:\AdwCleaner
2014-06-06 09:45 - 2014-06-06 09:45 - 01333465 _____ () C:\Users\Sonja\Desktop\adwcleaner_3.212.exe
2014-06-06 08:12 - 2014-06-06 08:12 - 00014690 ____C () C:\ComboFix.txt
2014-06-06 08:12 - 2014-06-06 08:12 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-06 08:12 - 2014-06-06 08:12 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-06 08:12 - 2014-06-06 08:12 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-05 22:02 - 2014-06-05 22:02 - 279988724 _____ () C:\Windows\MEMORY.DMP
2014-06-05 22:02 - 2014-06-05 22:02 - 00142488 _____ () C:\Windows\Minidump\Mini060514-01.dmp
2014-06-05 21:47 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-05 21:47 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-05 21:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-05 21:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-05 21:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-05 21:47 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-05 21:47 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-05 21:47 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-05 21:44 - 2014-06-06 08:12 - 00000000 ___DC () C:\Qoobox
2014-06-05 21:44 - 2014-06-06 08:07 - 00000000 ____D () C:\Windows\erdnt
2014-06-05 21:42 - 2014-06-05 21:42 - 05205146 ____R (Swearware) C:\Users\Sonja\Downloads\ComboFix.exe
2014-06-05 20:40 - 2014-06-05 20:40 - 00005500 _____ () C:\Users\Sonja\Downloads\Gmer.txt
2014-06-05 20:16 - 2014-06-05 20:16 - 00380416 _____ () C:\Users\Sonja\Downloads\Gmer-19357.exe
2014-06-05 20:14 - 2014-06-05 20:15 - 00041434 _____ () C:\Users\Sonja\Downloads\Addition.txt
2014-06-05 20:12 - 2014-06-06 10:35 - 00012082 _____ () C:\Users\Sonja\Downloads\FRST.txt
2014-06-05 20:12 - 2014-06-06 10:35 - 00000000 ___DC () C:\FRST
2014-06-05 20:11 - 2014-06-05 20:11 - 01059840 _____ (Farbar) C:\Users\Sonja\Downloads\FRST.exe
2014-06-05 20:10 - 2014-06-05 20:11 - 00000472 _____ () C:\Users\Sonja\Downloads\defogger_disable.log
2014-06-05 20:10 - 2014-06-05 20:10 - 00000000 _____ () C:\Users\Sonja\defogger_reenable
2014-06-05 20:08 - 2014-06-05 20:08 - 00050477 _____ () C:\Users\Sonja\Downloads\Defogger.exe
2014-05-16 07:32 - 2014-05-16 07:32 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-16 07:29 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 07:29 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 07:29 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 06:43 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
==================== One Month Modified Files and Folders =======
2014-06-06 10:36 - 2014-06-05 20:12 - 00012082 _____ () C:\Users\Sonja\Downloads\FRST.txt
2014-06-06 10:36 - 2007-06-05 10:24 - 00000000 ____D () C:\Users\Sonja\AppData\Local\Temp
2014-06-06 10:35 - 2014-06-05 20:12 - 00000000 ___DC () C:\FRST
2014-06-06 10:34 - 2014-06-06 10:34 - 01059840 _____ (Farbar) C:\Users\Sonja\Downloads\FRST (1).exe
2014-06-06 10:21 - 2014-06-06 10:21 - 00001163 _____ () C:\Users\Sonja\Desktop\JRT.txt
2014-06-06 10:16 - 2014-06-06 10:16 - 00000000 ____D () C:\Windows\ERUNT
2014-06-06 10:15 - 2014-06-06 10:15 - 01016261 _____ (Thisisu) C:\Users\Sonja\Downloads\JRT.exe
2014-06-06 10:05 - 2007-06-05 20:01 - 01765920 _____ () C:\Windows\WindowsUpdate.log
2014-06-06 10:01 - 2014-01-11 13:05 - 00074624 _____ () C:\ProgramData\nvModes.001
2014-06-06 09:58 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-06 09:58 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-06 09:58 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 09:57 - 2011-05-10 22:51 - 00242510 _____ () C:\Windows\PFRO.log
2014-06-06 09:56 - 2006-11-02 15:01 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-06 09:54 - 2014-06-06 09:46 - 00000000 ___DC () C:\AdwCleaner
2014-06-06 09:54 - 2007-06-05 10:24 - 00000000 ____D () C:\Users\Sonja
2014-06-06 09:45 - 2014-06-06 09:45 - 01333465 _____ () C:\Users\Sonja\Desktop\adwcleaner_3.212.exe
2014-06-06 08:12 - 2014-06-06 08:12 - 00014690 ____C () C:\ComboFix.txt
2014-06-06 08:12 - 2014-06-06 08:12 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-06 08:12 - 2014-06-06 08:12 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-06 08:12 - 2014-06-06 08:12 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-06 08:12 - 2014-06-05 21:44 - 00000000 ___DC () C:\Qoobox
2014-06-06 08:12 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-06-06 08:12 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-06-06 08:07 - 2014-06-05 21:44 - 00000000 ____D () C:\Windows\erdnt
2014-06-06 08:03 - 2006-11-02 12:23 - 00000215 ____C () C:\Windows\system.ini
2014-06-06 07:30 - 2014-01-11 13:05 - 00074624 _____ () C:\ProgramData\nvModes.dat
2014-06-05 22:02 - 2014-06-05 22:02 - 279988724 _____ () C:\Windows\MEMORY.DMP
2014-06-05 22:02 - 2014-06-05 22:02 - 00142488 _____ () C:\Windows\Minidump\Mini060514-01.dmp
2014-06-05 22:02 - 2007-10-25 11:10 - 00000000 ____D () C:\Windows\Minidump
2014-06-05 21:42 - 2014-06-05 21:42 - 05205146 ____R (Swearware) C:\Users\Sonja\Downloads\ComboFix.exe
2014-06-05 20:40 - 2014-06-05 20:40 - 00005500 _____ () C:\Users\Sonja\Downloads\Gmer.txt
2014-06-05 20:16 - 2014-06-05 20:16 - 00380416 _____ () C:\Users\Sonja\Downloads\Gmer-19357.exe
2014-06-05 20:15 - 2014-06-05 20:14 - 00041434 _____ () C:\Users\Sonja\Downloads\Addition.txt
2014-06-05 20:11 - 2014-06-05 20:11 - 01059840 _____ (Farbar) C:\Users\Sonja\Downloads\FRST.exe
2014-06-05 20:11 - 2014-06-05 20:10 - 00000472 _____ () C:\Users\Sonja\Downloads\defogger_disable.log
2014-06-05 20:10 - 2014-06-05 20:10 - 00000000 _____ () C:\Users\Sonja\defogger_reenable
2014-06-05 20:08 - 2014-06-05 20:08 - 00050477 _____ () C:\Users\Sonja\Downloads\Defogger.exe
2014-06-05 20:00 - 2011-05-10 19:34 - 00000000 ____D () C:\Program Files\Trojan Remover
2014-06-05 09:30 - 2010-03-30 20:02 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-04 07:41 - 2012-12-18 20:02 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-04 07:41 - 2012-12-18 20:02 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-27 13:36 - 2011-02-23 21:11 - 00000000 ____D () C:\Users\Sonja\Documents\Sonja
2014-05-17 20:45 - 2011-08-04 20:32 - 00000000 ____D () C:\Users\Sonja\AppData\Local\.elfohilfe
2014-05-17 08:12 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 07:38 - 2009-01-13 19:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 07:37 - 2013-08-19 11:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 07:33 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-16 07:32 - 2014-05-16 07:32 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 12:01 - 2010-04-05 13:28 - 00003300 ____C () C:\fpRedmon.log
2014-05-15 12:01 - 2010-04-05 13:28 - 00000000 ____D () C:\Users\Sonja\AppData\Local\FreePDF_XP
2014-05-13 17:56 - 2011-05-01 13:28 - 00000000 ____D () C:\Users\Sonja\EST
2014-05-12 18:21 - 2007-07-09 21:13 - 00000000 ____D () C:\Program Files\ElsterFormular
Some content of TEMP:
====================
C:\Users\Sonja\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-06-06 10:06
==================== End Of Log ============================
|
|
06.06.2014, 10:05
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bank hat Online-Banking gesperrt wegen Verdacht von Trojaner Haken setzen bei addition.txt dann auf Scan klicken 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.06.2014, 10:10
| #9 |
| | Bank hat Online-Banking gesperrt wegen Verdacht von Trojaner Hier noch die Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:02-06-2014
Ran by Sonja at 2014-06-06 11:05:47
Running from C:\Users\Sonja\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Reader 8.1.3 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A81300000003}) (Version: 8.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 10.3.0.24 - Adobe Systems, Inc.)
ASL_HS_Installer32 (Version: 1.0.9 - Hewlett-Packard) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
BPM-Studio 4 Profi (HKLM\...\BPM-Studio 4 Profi) (Version: - )
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 5.10.38.26 - Broadcom Corporation)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: - )
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DocMgr (Version: 100.0.201.000 - Hewlett-Packard) Hidden
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
ElsterFormular 2006/2007 (HKLM\...\{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}) (Version: 8.1.0.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2007/2008 (HKLM\...\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}) (Version: 9.1.0.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2008/2009 (HKLM\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.3.1.0 - Steuerverwaltung des Bundes und der Länder)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - )
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version: - )
Hewlett-Packard Active Check (Version: 1.1.4.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent (Version: 2.0.55.0 - HP) Hidden
HP Active Support Library (Version: 1.0.21 - Hewlett-Packard) Hidden
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Document Manager 1.0 (HKLM\...\HP Document Manager) (Version: 1.0 - HP)
HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 1.00.0000 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.00.0000 - Hewlett-Packard)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
HP QuickPlay 3.0 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Support Solutions Framework (HKLM\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
HP Update (HKLM\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard)
HP User Guide 0041 (HKLM\...\{D5CEFEDA-38DF-4F94-A392-C86163CB9965}) (Version: 1.00.0008 - Ihr Firmenname)
HP Wireless Assistant (HKLM\...\{D32067CD-7409-4792-BFA0-1469BCD8F0C8}) (Version: 3.00 F1 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Java(TM) 6 Update 16 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 6 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)
Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexware business office pro 2007 (Version: 7.00 - Lexware) Hidden
Lexware business office pro 2008 (Version: 8.00.00.0084 - Lexware) Hidden
Lexware business office pro Aktualisierung Februar 2008, Version 8.20 (Version: 8.20.00.0016 - Lexware) Hidden
Lexware Business office pro Aktualisierung Februar 2009, Version 9.20 (Version: 9.20.00.0024 - Lexware) Hidden
Lexware business office pro Aktualisierung Januar 2008, Version 8.10 (Version: 8.10.00.0021 - Lexware) Hidden
LightScribe 1.4.124.1 (Version: 1.4.124.1 - hxxp://www.lightscribe.com) Hidden
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Basic 2007 (HKLM\...\BASICR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Basic 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Thunderbird (3.1.7) (HKLM\...\Mozilla Thunderbird (3.1.7)) (Version: 3.1.7 (de) - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
RENESIS® Player Browser Plugins (HKLM\...\{62B7C52C-CAB6-48B1-8245-52356C141C92}) (Version: 1.1.1 - examotion® GmbH)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}) (Version: 9.0.114 - Roxio)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (HKLM\...\Samsung Scan Assistant) (Version: 1.05.07 (20.07.2012) - Samsung Electronics Co., Ltd.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Servicepack Datumsaktualisierung (Version: 1.00.00.0005 - Haufe-Lexware) Hidden
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)
TomTom HOME (HKLM\...\{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}) (Version: 2.9.2 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_BASICR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_BASICR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_BASICR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_BASICR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
==================== Restore Points =========================
==================== Hosts content: ==========================
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {12A18A08-CD69-43C1-9C90-26445111CB65} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {29DB40C4-DF1C-4BB9-9BA3-A8B2E1C3EA0A} - System32\Tasks\Microsoft\Windows\RestartManager\{DAE54BFC-0BDF-4e52-A9E8-0AF1BE3BE28F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {6635AD3B-DA42-4324-87BB-D58F45C726A5} - System32\Tasks\Hewlett-Packard-Online-Aktualisierungsprogramm => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2006-12-04] (Hewlett-Packard)
Task: {8F6EBC33-B779-4643-8448-1C4CDE96A393} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {A7D784AB-EAEC-467D-BEE0-1D69AD76A2EA} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2008-11-03] (Lexware GmbH & Co. KG)
Task: {D1CD1915-CD34-41DA-B98F-F20D2FB57E79} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-01-12] (Hewlett-Packard)
Task: {D3ABB18C-61D6-41C8-92BF-AD9976C5618F} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Sonja => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EC3FB6EA-5415-48D9-9B85-DEDAB010ED24} - System32\Tasks\HP Health Check => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2006-12-04] (Hewlett-Packard)
Task: {F5AB1F0D-9A42-4872-BF87-A1FD9FF6E40D} - System32\Tasks\Sun Microsystems-Online-Aktualisierungsprogramm => C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-26] (Sun Microsystems, Inc.)
Task: {FFCF8DCF-6CF0-41BE-9BFB-7C3759BF6162} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
==================== Loaded Modules (whitelisted) =============
2010-04-05 13:27 - 2005-01-06 18:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2011-06-16 05:11 - 2011-06-16 05:11 - 00024064 _____ () C:\Windows\System32\ssn2mlm.dll
2011-06-16 05:10 - 2013-10-22 06:12 - 00889344 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\ssn2mdu.dll
2007-01-19 05:44 - 2006-11-25 01:34 - 00270431 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
2007-01-19 05:44 - 2006-11-25 01:34 - 00233573 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2007-01-19 05:44 - 2006-11-25 01:34 - 00032768 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
2007-01-19 05:44 - 2006-11-25 01:34 - 00118877 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
2007-01-19 05:44 - 2006-11-25 01:34 - 00114783 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
2007-01-19 05:44 - 2006-11-25 01:34 - 00339968 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
2009-02-26 14:46 - 2009-02-26 14:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 12:46 - 2011-06-22 12:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Sonja:zylomtest
AlternateDataStreams: C:\Users\Sonja:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVVB}
AlternateDataStreams: C:\Users\Sonja:zylomtr{000HQ7FF-AD7A-3FG4-OK39-27NOI1CL8VVO}
AlternateDataStreams: C:\ProgramData\TEMP:0BBF232A
AlternateDataStreams: C:\ProgramData\TEMP:1392F09D
AlternateDataStreams: C:\ProgramData\TEMP:1ECED34B
AlternateDataStreams: C:\ProgramData\TEMP:23834E1E
AlternateDataStreams: C:\ProgramData\TEMP:24C072FF
AlternateDataStreams: C:\ProgramData\TEMP:29629382
AlternateDataStreams: C:\ProgramData\TEMP:29F0CA7D
AlternateDataStreams: C:\ProgramData\TEMP:2AE74FF9
AlternateDataStreams: C:\ProgramData\TEMP:2E3F04BC
AlternateDataStreams: C:\ProgramData\TEMP:3086B95F
AlternateDataStreams: C:\ProgramData\TEMP:32A82570
AlternateDataStreams: C:\ProgramData\TEMP:370E4EFB
AlternateDataStreams: C:\ProgramData\TEMP:397D67BA
AlternateDataStreams: C:\ProgramData\TEMP:3A7527E8
AlternateDataStreams: C:\ProgramData\TEMP:4A448DB2
AlternateDataStreams: C:\ProgramData\TEMP:4A906D4A
AlternateDataStreams: C:\ProgramData\TEMP:4DCAC4BC
AlternateDataStreams: C:\ProgramData\TEMP:4DDE401B
AlternateDataStreams: C:\ProgramData\TEMP:50092C64
AlternateDataStreams: C:\ProgramData\TEMP:5080697C
AlternateDataStreams: C:\ProgramData\TEMP:512E1728
AlternateDataStreams: C:\ProgramData\TEMP:535F54F3
AlternateDataStreams: C:\ProgramData\TEMP:572631AC
AlternateDataStreams: C:\ProgramData\TEMP:5FFC2819
AlternateDataStreams: C:\ProgramData\TEMP:627153F1
AlternateDataStreams: C:\ProgramData\TEMP:697DDE2B
AlternateDataStreams: C:\ProgramData\TEMP:6A4353C3
AlternateDataStreams: C:\ProgramData\TEMP:6F0B6A5A
AlternateDataStreams: C:\ProgramData\TEMP:71612023
AlternateDataStreams: C:\ProgramData\TEMP:74165027
AlternateDataStreams: C:\ProgramData\TEMP:7ADB695A
AlternateDataStreams: C:\ProgramData\TEMP:80F63EC3
AlternateDataStreams: C:\ProgramData\TEMP:848CC150
AlternateDataStreams: C:\ProgramData\TEMP:870649A4
AlternateDataStreams: C:\ProgramData\TEMP:8B4B9596
AlternateDataStreams: C:\ProgramData\TEMP:8E5EA40F
AlternateDataStreams: C:\ProgramData\TEMP:95198126
AlternateDataStreams: C:\ProgramData\TEMP:A02025CE
AlternateDataStreams: C:\ProgramData\TEMP:AECF4772
AlternateDataStreams: C:\ProgramData\TEMP:AED33A42
AlternateDataStreams: C:\ProgramData\TEMP:B0456F0C
AlternateDataStreams: C:\ProgramData\TEMP:B1786630
AlternateDataStreams: C:\ProgramData\TEMP:B5CC7C28
AlternateDataStreams: C:\ProgramData\TEMP:C0893153
AlternateDataStreams: C:\ProgramData\TEMP:C48A983C
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\TEMP:CC4C59B4
AlternateDataStreams: C:\ProgramData\TEMP:CF61CE5A
AlternateDataStreams: C:\ProgramData\TEMP:D3A89E47
AlternateDataStreams: C:\ProgramData\TEMP:DAE3E5CC
AlternateDataStreams: C:\ProgramData\TEMP:DC0B1070
AlternateDataStreams: C:\ProgramData\TEMP:DE875C30
AlternateDataStreams: C:\ProgramData\TEMP:DE9AC04F
AlternateDataStreams: C:\ProgramData\TEMP:E2CFA9CD
AlternateDataStreams: C:\ProgramData\TEMP:E411AA0D
AlternateDataStreams: C:\ProgramData\TEMP:E7B4296D
AlternateDataStreams: C:\ProgramData\TEMP:EA10407C
AlternateDataStreams: C:\ProgramData\TEMP:ED2998F5
AlternateDataStreams: C:\ProgramData\TEMP:EE39C93C
AlternateDataStreams: C:\ProgramData\TEMP:F792B89F
AlternateDataStreams: C:\ProgramData\TEMP:F8F070C2
AlternateDataStreams: C:\ProgramData\TEMP:FAB64002
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files\FreePDF_XP\fpassist.exe
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SynTPStart => C:\Program Files\Synaptics\SynTP\SynTPStart.exe
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
==================== Faulty Device Manager Devices =============
Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/06/2014 11:05:53 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (06/06/2014 11:05:53 AM) (Source: VSS) (EventID: 40) (User: )
Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter"
(SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 59%
Total physical RAM: 1981.87 MB
Available physical RAM: 804.1 MB
Total Pagefile: 4209.02 MB
Available Pagefile: 2673.42 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.31 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:106.56 GB) (Free:33.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:5.23 GB) (Free:1.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 112 GB) (Disk ID: EBD671CE)
Partition 1: (Active) - (Size=107 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
06.06.2014, 10:58
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bank hat Online-Banking gesperrt wegen Verdacht von Trojaner Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}t; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}t.sys [55224 2014-04-28] (StdLib)
S2 vxlsnyaiet32; C:\Program Files\003\vxlsnyaiet32.exe run options=01100010030000000000000000000000 sourceguid=CB78F643-3729-434F-8C25-F28D15F025F3 [X]
C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}t.sys
C:\Program Files\003
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.06.2014, 11:35
| #11 |
| | Bank hat Online-Banking gesperrt wegen Verdacht von TrojanerCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:02-06-2014
Ran by Sonja at 2014-06-06 12:14:38 Run:1
Running from C:\Users\Sonja\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}t; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}t.sys [55224 2014-04-28] (StdLib)
S2 vxlsnyaiet32; C:\Program Files\003\vxlsnyaiet32.exe run options=01100010030000000000000000000000 sourceguid=CB78F643-3729-434F-8C25-F28D15F025F3 [X]
C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}t.sys
C:\Program Files\003
*****************
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
{9edd0ea8-2819-47c2-8320-b007d5996f8a}t => Unable to stop service
{9edd0ea8-2819-47c2-8320-b007d5996f8a}t => Service deleted successfully.
vxlsnyaiet32 => Service deleted successfully.
C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}t.sys => Moved successfully.
"C:\Program Files\003" => File/Directory not found.
The system needed a reboot.
==== End of Fixlog ====
|
|
06.06.2014, 14:24
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bank hat Online-Banking gesperrt wegen Verdacht von Trojaner Ich brauch den Quarantäneordner von FRST. Bitte folgendes machen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen! 2.) Ordner Quarantine in C:\FRST in eine Datei zippen 3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.06.2014, 14:59
| #13 |
| | Bank hat Online-Banking gesperrt wegen Verdacht von Trojaner Erfolgreich geladen |
|
07.06.2014, 00:13
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bank hat Online-Banking gesperrt wegen Verdacht von Trojaner Danke!  Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.06.2014, 07:08
| #15 |
| | Bank hat Online-Banking gesperrt wegen Verdacht von TrojanerCode:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-06-2014
Ran by Sonja at 2014-06-07 08:04:56
Running from C:\Users\Sonja\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Reader 8.1.3 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A81300000003}) (Version: 8.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 10.3.0.24 - Adobe Systems, Inc.)
ASL_HS_Installer32 (Version: 1.0.9 - Hewlett-Packard) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
BPM-Studio 4 Profi (HKLM\...\BPM-Studio 4 Profi) (Version: - )
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 5.10.38.26 - Broadcom Corporation)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: - )
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DocMgr (Version: 100.0.201.000 - Hewlett-Packard) Hidden
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
ElsterFormular 2006/2007 (HKLM\...\{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}) (Version: 8.1.0.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2007/2008 (HKLM\...\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}) (Version: 9.1.0.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2008/2009 (HKLM\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.3.1.0 - Steuerverwaltung des Bundes und der Länder)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - )
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version: - )
Hewlett-Packard Active Check (Version: 1.1.4.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent (Version: 2.0.55.0 - HP) Hidden
HP Active Support Library (Version: 1.0.21 - Hewlett-Packard) Hidden
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Document Manager 1.0 (HKLM\...\HP Document Manager) (Version: 1.0 - HP)
HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 1.00.0000 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.00.0000 - Hewlett-Packard)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
HP QuickPlay 3.0 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Support Solutions Framework (HKLM\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
HP Update (HKLM\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard)
HP User Guide 0041 (HKLM\...\{D5CEFEDA-38DF-4F94-A392-C86163CB9965}) (Version: 1.00.0008 - Ihr Firmenname)
HP Wireless Assistant (HKLM\...\{D32067CD-7409-4792-BFA0-1469BCD8F0C8}) (Version: 3.00 F1 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Java(TM) 6 Update 16 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 6 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)
Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexware business office pro 2007 (Version: 7.00 - Lexware) Hidden
Lexware business office pro 2008 (Version: 8.00.00.0084 - Lexware) Hidden
Lexware business office pro Aktualisierung Februar 2008, Version 8.20 (Version: 8.20.00.0016 - Lexware) Hidden
Lexware Business office pro Aktualisierung Februar 2009, Version 9.20 (Version: 9.20.00.0024 - Lexware) Hidden
Lexware business office pro Aktualisierung Januar 2008, Version 8.10 (Version: 8.10.00.0021 - Lexware) Hidden
LightScribe 1.4.124.1 (Version: 1.4.124.1 - hxxp://www.lightscribe.com) Hidden
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Basic 2007 (HKLM\...\BASICR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Basic 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Thunderbird (3.1.7) (HKLM\...\Mozilla Thunderbird (3.1.7)) (Version: 3.1.7 (de) - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
RENESIS® Player Browser Plugins (HKLM\...\{62B7C52C-CAB6-48B1-8245-52356C141C92}) (Version: 1.1.1 - examotion® GmbH)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}) (Version: 9.0.114 - Roxio)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (HKLM\...\Samsung Scan Assistant) (Version: 1.05.07 (20.07.2012) - Samsung Electronics Co., Ltd.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Servicepack Datumsaktualisierung (Version: 1.00.00.0005 - Haufe-Lexware) Hidden
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)
TomTom HOME (HKLM\...\{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}) (Version: 2.9.2 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_BASICR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_BASICR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_BASICR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_BASICR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
==================== Restore Points =========================
==================== Hosts content: ==========================
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {12A18A08-CD69-43C1-9C90-26445111CB65} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {29DB40C4-DF1C-4BB9-9BA3-A8B2E1C3EA0A} - System32\Tasks\Microsoft\Windows\RestartManager\{DAE54BFC-0BDF-4e52-A9E8-0AF1BE3BE28F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {6635AD3B-DA42-4324-87BB-D58F45C726A5} - System32\Tasks\Hewlett-Packard-Online-Aktualisierungsprogramm => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2006-12-04] (Hewlett-Packard)
Task: {8F6EBC33-B779-4643-8448-1C4CDE96A393} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {A7D784AB-EAEC-467D-BEE0-1D69AD76A2EA} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2008-11-03] (Lexware GmbH & Co. KG)
Task: {D1CD1915-CD34-41DA-B98F-F20D2FB57E79} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-01-12] (Hewlett-Packard)
Task: {D3ABB18C-61D6-41C8-92BF-AD9976C5618F} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Sonja => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EC3FB6EA-5415-48D9-9B85-DEDAB010ED24} - System32\Tasks\HP Health Check => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2006-12-04] (Hewlett-Packard)
Task: {F5AB1F0D-9A42-4872-BF87-A1FD9FF6E40D} - System32\Tasks\Sun Microsystems-Online-Aktualisierungsprogramm => C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-26] (Sun Microsystems, Inc.)
Task: {FFCF8DCF-6CF0-41BE-9BFB-7C3759BF6162} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
==================== Loaded Modules (whitelisted) =============
2010-04-05 13:27 - 2005-01-06 18:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2011-06-16 05:11 - 2011-06-16 05:11 - 00024064 _____ () C:\Windows\System32\ssn2mlm.dll
2011-06-16 05:10 - 2013-10-22 06:12 - 00889344 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\ssn2mdu.dll
2007-01-19 05:44 - 2006-11-25 01:34 - 00270431 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
2007-01-19 05:44 - 2006-11-25 01:34 - 00233573 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2007-01-19 05:44 - 2006-11-25 01:34 - 00032768 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
2007-01-19 05:44 - 2006-11-25 01:34 - 00118877 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
2007-01-19 05:44 - 2006-11-25 01:34 - 00114783 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
2007-01-19 05:44 - 2006-11-25 01:34 - 00339968 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
2009-02-26 14:46 - 2009-02-26 14:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 12:46 - 2011-06-22 12:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Sonja:zylomtest
AlternateDataStreams: C:\Users\Sonja:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVVB}
AlternateDataStreams: C:\Users\Sonja:zylomtr{000HQ7FF-AD7A-3FG4-OK39-27NOI1CL8VVO}
AlternateDataStreams: C:\ProgramData\TEMP:0BBF232A
AlternateDataStreams: C:\ProgramData\TEMP:1392F09D
AlternateDataStreams: C:\ProgramData\TEMP:1ECED34B
AlternateDataStreams: C:\ProgramData\TEMP:23834E1E
AlternateDataStreams: C:\ProgramData\TEMP:24C072FF
AlternateDataStreams: C:\ProgramData\TEMP:29629382
AlternateDataStreams: C:\ProgramData\TEMP:29F0CA7D
AlternateDataStreams: C:\ProgramData\TEMP:2AE74FF9
AlternateDataStreams: C:\ProgramData\TEMP:2E3F04BC
AlternateDataStreams: C:\ProgramData\TEMP:3086B95F
AlternateDataStreams: C:\ProgramData\TEMP:32A82570
AlternateDataStreams: C:\ProgramData\TEMP:370E4EFB
AlternateDataStreams: C:\ProgramData\TEMP:397D67BA
AlternateDataStreams: C:\ProgramData\TEMP:3A7527E8
AlternateDataStreams: C:\ProgramData\TEMP:4A448DB2
AlternateDataStreams: C:\ProgramData\TEMP:4A906D4A
AlternateDataStreams: C:\ProgramData\TEMP:4DCAC4BC
AlternateDataStreams: C:\ProgramData\TEMP:4DDE401B
AlternateDataStreams: C:\ProgramData\TEMP:50092C64
AlternateDataStreams: C:\ProgramData\TEMP:5080697C
AlternateDataStreams: C:\ProgramData\TEMP:512E1728
AlternateDataStreams: C:\ProgramData\TEMP:535F54F3
AlternateDataStreams: C:\ProgramData\TEMP:572631AC
AlternateDataStreams: C:\ProgramData\TEMP:5FFC2819
AlternateDataStreams: C:\ProgramData\TEMP:627153F1
AlternateDataStreams: C:\ProgramData\TEMP:697DDE2B
AlternateDataStreams: C:\ProgramData\TEMP:6A4353C3
AlternateDataStreams: C:\ProgramData\TEMP:6F0B6A5A
AlternateDataStreams: C:\ProgramData\TEMP:71612023
AlternateDataStreams: C:\ProgramData\TEMP:74165027
AlternateDataStreams: C:\ProgramData\TEMP:7ADB695A
AlternateDataStreams: C:\ProgramData\TEMP:80F63EC3
AlternateDataStreams: C:\ProgramData\TEMP:848CC150
AlternateDataStreams: C:\ProgramData\TEMP:870649A4
AlternateDataStreams: C:\ProgramData\TEMP:8B4B9596
AlternateDataStreams: C:\ProgramData\TEMP:8E5EA40F
AlternateDataStreams: C:\ProgramData\TEMP:95198126
AlternateDataStreams: C:\ProgramData\TEMP:A02025CE
AlternateDataStreams: C:\ProgramData\TEMP:AECF4772
AlternateDataStreams: C:\ProgramData\TEMP:AED33A42
AlternateDataStreams: C:\ProgramData\TEMP:B0456F0C
AlternateDataStreams: C:\ProgramData\TEMP:B1786630
AlternateDataStreams: C:\ProgramData\TEMP:B5CC7C28
AlternateDataStreams: C:\ProgramData\TEMP:C0893153
AlternateDataStreams: C:\ProgramData\TEMP:C48A983C
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\TEMP:CC4C59B4
AlternateDataStreams: C:\ProgramData\TEMP:CF61CE5A
AlternateDataStreams: C:\ProgramData\TEMP:D3A89E47
AlternateDataStreams: C:\ProgramData\TEMP:DAE3E5CC
AlternateDataStreams: C:\ProgramData\TEMP:DC0B1070
AlternateDataStreams: C:\ProgramData\TEMP:DE875C30
AlternateDataStreams: C:\ProgramData\TEMP:DE9AC04F
AlternateDataStreams: C:\ProgramData\TEMP:E2CFA9CD
AlternateDataStreams: C:\ProgramData\TEMP:E411AA0D
AlternateDataStreams: C:\ProgramData\TEMP:E7B4296D
AlternateDataStreams: C:\ProgramData\TEMP:EA10407C
AlternateDataStreams: C:\ProgramData\TEMP:ED2998F5
AlternateDataStreams: C:\ProgramData\TEMP:EE39C93C
AlternateDataStreams: C:\ProgramData\TEMP:F792B89F
AlternateDataStreams: C:\ProgramData\TEMP:F8F070C2
AlternateDataStreams: C:\ProgramData\TEMP:FAB64002
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files\FreePDF_XP\fpassist.exe
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SynTPStart => C:\Program Files\Synaptics\SynTP\SynTPStart.exe
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
==================== Faulty Device Manager Devices =============
Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/07/2014 08:05:00 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (06/07/2014 08:05:00 AM) (Source: VSS) (EventID: 40) (User: )
Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter"
(SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (06/06/2014 03:59:58 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 16
Snapshotkontext: 16
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator
Error: (06/06/2014 03:59:58 PM) (Source: VSS) (EventID: 40) (User: )
Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter"
(SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 16
Snapshotkontext: 16
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator
Error: (06/06/2014 11:05:53 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (06/06/2014 11:05:53 AM) (Source: VSS) (EventID: 40) (User: )
Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter"
(SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
System errors:
=============
Error: (06/06/2014 00:20:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058
Error: (06/06/2014 00:19:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: HP CUE DeviceDiscovery Service%%2147500037
Error: (06/06/2014 00:19:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: kl1
Error: (06/06/2014 00:19:57 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Diagnosediensthost
Error: (06/06/2014 00:19:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
Error: (06/06/2014 00:19:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows-BilderfassungShellhardwareerkennung%%1058
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 51%
Total physical RAM: 1981.87 MB
Available physical RAM: 967.84 MB
Total Pagefile: 4209.02 MB
Available Pagefile: 2834.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.38 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:106.56 GB) (Free:33.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:5.23 GB) (Free:1.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 112 GB) (Disk ID: EBD671CE)
Partition 1: (Active) - (Size=107 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-06-2014
Ran by Sonja (administrator) on SONJA-PC on 07-06-2014 08:04:09
Running from C:\Users\Sonja\Downloads
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13601312 2009-06-24] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2009-06-24] (NVIDIA Corporation)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44128 2006-11-08] (soft thinks)
HKU\S-1-5-21-3630345418-880999805-3251746199-1000\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247768 2012-08-28] (TomTom)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {FD524BA7-ACF0-49FE-9360-E6BCCDCC5412} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2009-09-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-08-14]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-08-14]
========================== Services (Whitelisted) =================
S3 AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [126976 2006-06-26] (Hewlett-Packard Development Company, L.P.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-06-04] (Avira Operations GmbH & Co. KG)
R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [270431 2006-11-25] ()
R2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [118877 2006-11-25] ()
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [58984 2006-12-04] (Hewlett-Packard)
R3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.)
S2 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)
S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [145920 2006-11-18] (Conexant Systems Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 WinPhlash; C:\SwSetup\sp48125\SWinFlash\PHLASHNT.SYS [31616 2006-09-06] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 eabfiltr;
S3 HSXHWAZL; system32\DRIVERS\HSXHWAZL.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 kl1; system32\DRIVERS\kl1.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 TSP; system32\DRIVERS\klif.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-07 08:04 - 2014-06-07 08:04 - 00000000 ____D () C:\Users\Sonja\Downloads\FRST-OlderVersion
2014-06-06 10:21 - 2014-06-06 10:21 - 00001163 _____ () C:\Users\Sonja\Desktop\JRT.txt
2014-06-06 10:16 - 2014-06-06 10:16 - 00000000 ____D () C:\Windows\ERUNT
2014-06-06 10:15 - 2014-06-06 10:15 - 01016261 _____ (Thisisu) C:\Users\Sonja\Downloads\JRT.exe
2014-06-06 09:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-06 09:46 - 2014-06-06 09:54 - 00000000 ___DC () C:\AdwCleaner
2014-06-06 09:45 - 2014-06-06 09:45 - 01333465 _____ () C:\Users\Sonja\Desktop\adwcleaner_3.212.exe
2014-06-06 08:12 - 2014-06-06 08:12 - 00014690 ____C () C:\ComboFix.txt
2014-06-06 08:12 - 2014-06-06 08:12 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-06 08:12 - 2014-06-06 08:12 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-06 08:12 - 2014-06-06 08:12 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-05 22:02 - 2014-06-05 22:02 - 279988724 _____ () C:\Windows\MEMORY.DMP
2014-06-05 22:02 - 2014-06-05 22:02 - 00142488 _____ () C:\Windows\Minidump\Mini060514-01.dmp
2014-06-05 21:47 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-05 21:47 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-05 21:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-05 21:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-05 21:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-05 21:47 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-05 21:47 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-05 21:47 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-05 21:44 - 2014-06-06 08:12 - 00000000 ___DC () C:\Qoobox
2014-06-05 21:44 - 2014-06-06 08:07 - 00000000 ____D () C:\Windows\erdnt
2014-06-05 21:42 - 2014-06-05 21:42 - 05205146 ____R (Swearware) C:\Users\Sonja\Downloads\ComboFix.exe
2014-06-05 20:40 - 2014-06-05 20:40 - 00005500 _____ () C:\Users\Sonja\Downloads\Gmer.txt
2014-06-05 20:16 - 2014-06-05 20:16 - 00380416 _____ () C:\Users\Sonja\Downloads\Gmer-19357.exe
2014-06-05 20:14 - 2014-06-06 11:06 - 00031123 _____ () C:\Users\Sonja\Downloads\Addition.txt
2014-06-05 20:12 - 2014-06-07 08:04 - 00011485 _____ () C:\Users\Sonja\Downloads\FRST.txt
2014-06-05 20:12 - 2014-06-07 08:04 - 00000000 ___DC () C:\FRST
2014-06-05 20:11 - 2014-06-07 08:04 - 01063424 ____C (Farbar) C:\Users\Sonja\Downloads\FRST.exe
2014-06-05 20:10 - 2014-06-05 20:11 - 00000472 _____ () C:\Users\Sonja\Downloads\defogger_disable.log
2014-06-05 20:10 - 2014-06-05 20:10 - 00000000 _____ () C:\Users\Sonja\defogger_reenable
2014-06-05 20:08 - 2014-06-05 20:08 - 00050477 _____ () C:\Users\Sonja\Downloads\Defogger.exe
2014-05-16 07:32 - 2014-05-16 07:32 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-16 07:29 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 07:29 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 07:29 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 06:43 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
==================== One Month Modified Files and Folders =======
2014-06-07 08:04 - 2014-06-07 08:04 - 00000000 ____D () C:\Users\Sonja\Downloads\FRST-OlderVersion
2014-06-07 08:04 - 2014-06-05 20:12 - 00011485 _____ () C:\Users\Sonja\Downloads\FRST.txt
2014-06-07 08:04 - 2014-06-05 20:12 - 00000000 ___DC () C:\FRST
2014-06-07 08:04 - 2014-06-05 20:11 - 01063424 ____C (Farbar) C:\Users\Sonja\Downloads\FRST.exe
2014-06-07 08:04 - 2007-06-05 10:24 - 00000000 ____D () C:\Users\Sonja\AppData\Local\Temp
2014-06-07 08:02 - 2014-01-11 13:05 - 00074624 _____ () C:\ProgramData\nvModes.dat
2014-06-07 08:02 - 2014-01-11 13:05 - 00074624 _____ () C:\ProgramData\nvModes.001
2014-06-07 08:01 - 2007-06-05 20:01 - 01770308 _____ () C:\Windows\WindowsUpdate.log
2014-06-06 22:16 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-06 22:16 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 12:19 - 2011-07-07 22:13 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-06-06 12:17 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-06 12:16 - 2006-11-02 15:01 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-06 12:14 - 2006-11-02 13:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-06 11:06 - 2014-06-05 20:14 - 00031123 _____ () C:\Users\Sonja\Downloads\Addition.txt
2014-06-06 10:21 - 2014-06-06 10:21 - 00001163 _____ () C:\Users\Sonja\Desktop\JRT.txt
2014-06-06 10:16 - 2014-06-06 10:16 - 00000000 ____D () C:\Windows\ERUNT
2014-06-06 10:15 - 2014-06-06 10:15 - 01016261 _____ (Thisisu) C:\Users\Sonja\Downloads\JRT.exe
2014-06-06 09:57 - 2011-05-10 22:51 - 00242510 _____ () C:\Windows\PFRO.log
2014-06-06 09:54 - 2014-06-06 09:46 - 00000000 ___DC () C:\AdwCleaner
2014-06-06 09:54 - 2007-06-05 10:24 - 00000000 ____D () C:\Users\Sonja
2014-06-06 09:45 - 2014-06-06 09:45 - 01333465 _____ () C:\Users\Sonja\Desktop\adwcleaner_3.212.exe
2014-06-06 08:12 - 2014-06-06 08:12 - 00014690 ____C () C:\ComboFix.txt
2014-06-06 08:12 - 2014-06-06 08:12 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-06 08:12 - 2014-06-06 08:12 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-06 08:12 - 2014-06-06 08:12 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-06 08:12 - 2014-06-05 21:44 - 00000000 ___DC () C:\Qoobox
2014-06-06 08:12 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-06-06 08:12 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-06-06 08:07 - 2014-06-05 21:44 - 00000000 ____D () C:\Windows\erdnt
2014-06-06 08:03 - 2006-11-02 12:23 - 00000215 ____C () C:\Windows\system.ini
2014-06-05 22:02 - 2014-06-05 22:02 - 279988724 _____ () C:\Windows\MEMORY.DMP
2014-06-05 22:02 - 2014-06-05 22:02 - 00142488 _____ () C:\Windows\Minidump\Mini060514-01.dmp
2014-06-05 22:02 - 2007-10-25 11:10 - 00000000 ____D () C:\Windows\Minidump
2014-06-05 21:42 - 2014-06-05 21:42 - 05205146 ____R (Swearware) C:\Users\Sonja\Downloads\ComboFix.exe
2014-06-05 20:40 - 2014-06-05 20:40 - 00005500 _____ () C:\Users\Sonja\Downloads\Gmer.txt
2014-06-05 20:16 - 2014-06-05 20:16 - 00380416 _____ () C:\Users\Sonja\Downloads\Gmer-19357.exe
2014-06-05 20:11 - 2014-06-05 20:10 - 00000472 _____ () C:\Users\Sonja\Downloads\defogger_disable.log
2014-06-05 20:10 - 2014-06-05 20:10 - 00000000 _____ () C:\Users\Sonja\defogger_reenable
2014-06-05 20:08 - 2014-06-05 20:08 - 00050477 _____ () C:\Users\Sonja\Downloads\Defogger.exe
2014-06-05 20:00 - 2011-05-10 19:34 - 00000000 ____D () C:\Program Files\Trojan Remover
2014-06-05 09:30 - 2010-03-30 20:02 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-04 07:41 - 2012-12-18 20:02 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-04 07:41 - 2012-12-18 20:02 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-27 13:36 - 2011-02-23 21:11 - 00000000 ____D () C:\Users\Sonja\Documents\Sonja
2014-05-17 20:45 - 2011-08-04 20:32 - 00000000 ____D () C:\Users\Sonja\AppData\Local\.elfohilfe
2014-05-17 08:12 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 07:38 - 2009-01-13 19:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 07:37 - 2013-08-19 11:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 07:33 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-16 07:32 - 2014-05-16 07:32 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 12:01 - 2010-04-05 13:28 - 00003300 ____C () C:\fpRedmon.log
2014-05-15 12:01 - 2010-04-05 13:28 - 00000000 ____D () C:\Users\Sonja\AppData\Local\FreePDF_XP
2014-05-13 17:56 - 2011-05-01 13:28 - 00000000 ____D () C:\Users\Sonja\EST
2014-05-12 18:21 - 2007-07-09 21:13 - 00000000 ____D () C:\Program Files\ElsterFormular
Some content of TEMP:
====================
C:\Users\Sonja\AppData\Local\Temp\avgnt.exe
C:\Users\Sonja\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-06-06 12:25
==================== End Of Log ============================
|
|
Linear-Darstellung
