
Pests of all kinds and how to combat them: PC opened the website h**p://98uj8.de/s3brsn5ba66mgfzeinrum#ad on its own

19.06.2014, 20:01   #1
NinoW
 



So, I have run all the scans.

AdwCleaner:
Code:
# AdwCleaner v3.212 - Bericht erstellt am 19/06/2014 um 19:28:42
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Nino - NINO-PC
# Gestartet von : C:\Users\Nino\Downloads\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : ICQ Service

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\Optimizer Pro
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Nino\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Nino\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Nino\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Conduit
Ordner Gelöscht : C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\ConduitEngine
Ordner Gelöscht : C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\ICQToolbarData
Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\icqplugin-3.xml
Datei Gelöscht : C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDA6A420-C6FA-44FC-8158-53864B73581E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1700389
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar

***** [ Browser ] *****

-\\ Internet Explorer v7.0.6002.18005

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\prefs.js ]

Zeile gelöscht : user_pref("CT1700389.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gelöscht : user_pref("CT1700389.CTID", "CT1700389");
Zeile gelöscht : user_pref("CT1700389.CommunitiesChangesLastCheckTime", "Thu Jun 03 2010 09:57:56 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.CommunityChanged", true);
Zeile gelöscht : user_pref("CT1700389.CurrentServerDate", "3-6-2010");
Zeile gelöscht : user_pref("CT1700389.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT1700389.DownloadDomainsCheckInterval", "168");
Zeile gelöscht : user_pref("CT1700389.DownloadDomainsListLastCheckTime", "Thu Jun 03 2010 09:57:57 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.DownloadDomainsListLastServerUpdateTime", "1201073583");
Zeile gelöscht : user_pref("CT1700389.DownloadReferralCookieData", "");
Zeile gelöscht : user_pref("CT1700389.EMailNotifierPollDate", "Thu Jun 03 2010 09:57:59 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.FeedLastCount128491938150862572", 288);
Zeile gelöscht : user_pref("CT1700389.FeedLastCount128575629586249728", 17);
Zeile gelöscht : user_pref("CT1700389.FeedPollDate128575629586249728", "Thu Jun 03 2010 09:57:58 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763355875137803", "Thu Jun 03 2010 09:57:58 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763356097638018", "Thu Jun 03 2010 11:57:58 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763356222169378", "Thu Jun 03 2010 11:57:58 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763356772169656", "Thu Jun 03 2010 11:57:58 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763356922168881", "Thu Jun 03 2010 11:57:58 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763357141387910", "Thu Jun 03 2010 11:57:58 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763358174356670", "Thu Jun 03 2010 09:57:59 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763358378888162", "Thu Jun 03 2010 09:57:59 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763358813731428", "Thu Jun 03 2010 09:57:59 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763359039981926", "Thu Jun 03 2010 09:57:59 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763359203575264", "Thu Jun 03 2010 09:57:59 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763359372794293", "Thu Jun 03 2010 09:57:59 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763359763731872", "Thu Jun 03 2010 11:57:59 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763360041543951", "Thu Jun 03 2010 11:57:59 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763360326700728", "Thu Jun 03 2010 09:57:59 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.FeedPollDate129091015757496686", "Thu Jun 03 2010 09:57:59 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.FeedTTL128763356097638018", 5);
Zeile gelöscht : user_pref("CT1700389.FeedTTL128763356222169378", 10);
Zeile gelöscht : user_pref("CT1700389.FeedTTL128763356772169656", 10);
Zeile gelöscht : user_pref("CT1700389.FeedTTL128763357141387910", 5);
Zeile gelöscht : user_pref("CT1700389.FeedTTL128763359763731872", 5);
Zeile gelöscht : user_pref("CT1700389.FeedTTL128763360326700728", 60);
Zeile gelöscht : user_pref("CT1700389.FirstServerDate", "3-6-2010");
Zeile gelöscht : user_pref("CT1700389.FirstTime", true);
Zeile gelöscht : user_pref("CT1700389.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT1700389.FirstTimeSettingsDone", true);
Zeile gelöscht : user_pref("CT1700389.FixPageNotFoundErrors", true);
Zeile gelöscht : user_pref("CT1700389.GroupingLastCheckTime", "Thu Jun 03 2010 09:57:57 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.GroupingLastErrorCode", "");
Zeile gelöscht : user_pref("CT1700389.GroupingLastResponse", true);
Zeile gelöscht : user_pref("CT1700389.GroupingLastServerUpdateTime", "129192867627230000");
Zeile gelöscht : user_pref("CT1700389.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT1700389.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gelöscht : user_pref("CT1700389.Initialize", true);
Zeile gelöscht : user_pref("CT1700389.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT1700389.InstallationAndCookieDataSentCount", 1);
Zeile gelöscht : user_pref("CT1700389.InstallationType", "UnknownIntegration");
Zeile gelöscht : user_pref("CT1700389.InstalledDate", "Thu Jun 03 2010 09:57:56 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.InvalidateCache", false);
Zeile gelöscht : user_pref("CT1700389.IsGrouping", true);
Zeile gelöscht : user_pref("CT1700389.IsMulticommunity", true);
Zeile gelöscht : user_pref("CT1700389.IsOpenThankYouPage", true);
Zeile gelöscht : user_pref("CT1700389.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("CT1700389.LanguagePackLastCheckTime", "Thu Jun 03 2010 09:57:58 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT1700389.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gelöscht : user_pref("CT1700389.LastLogin_2.6.0.15", "Thu Jun 03 2010 09:57:58 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.LatestVersion", "2.1.0.18");
Zeile gelöscht : user_pref("CT1700389.Locale", "en-us");
Zeile gelöscht : user_pref("CT1700389.LoginCache", 4);
Zeile gelöscht : user_pref("CT1700389.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT1700389.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT1700389.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT1700389.RadioIsPodcast", false);
Zeile gelöscht : user_pref("CT1700389.RadioLastCheckTime", "Thu Jun 03 2010 09:57:59 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.RadioLastUpdateIPServer", "3");
Zeile gelöscht : user_pref("CT1700389.RadioLastUpdateServer", "128929877726170000");
Zeile gelöscht : user_pref("CT1700389.RadioMediaID", "9816740");
Zeile gelöscht : user_pref("CT1700389.RadioMediaType", "Media Player");
Zeile gelöscht : user_pref("CT1700389.RadioMenuSelectedID", "EBRadioMenu_CT17003899816740");
Zeile gelöscht : user_pref("CT1700389.RadioStationName", "KABC%20");
Zeile gelöscht : user_pref("CT1700389.RadioStationURL", "hxxp://citadelcc-kabc-am.wm.llnwd.net/citadelcc_KABC_AM");
Zeile gelöscht : user_pref("CT1700389.SHRINK_TOOLBAR", 1);
Zeile gelöscht : user_pref("CT1700389.SavedHomepage", "hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official");
Zeile gelöscht : user_pref("CT1700389.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT1700389&octid=EB_ORIGINAL_CTID&SearchSource=1");
Zeile gelöscht : user_pref("CT1700389.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT1700389.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&q=");
Zeile gelöscht : user_pref("CT1700389.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT1700389.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT1700389.SearchInNewTabLastCheckTime", "Thu Jun 03 2010 09:57:59 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT1700389.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT1700389.SettingsCheckIntervalMin", 120);
Zeile gelöscht : user_pref("CT1700389.SettingsLastCheckTime", "Thu Jun 03 2010 09:57:56 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.SettingsLastUpdate", "1274805962");
Zeile gelöscht : user_pref("CT1700389.ThirdPartyComponentsInterval", 504);
Zeile gelöscht : user_pref("CT1700389.ThirdPartyComponentsLastCheck", "Thu Jun 03 2010 09:57:55 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.ThirdPartyComponentsLastUpdate", "1274805962");
Zeile gelöscht : user_pref("CT1700389.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Zeile gelöscht : user_pref("CT1700389.UserID", "UN41173380636108914");
Zeile gelöscht : user_pref("CT1700389.WeatherNetwork", "");
Zeile gelöscht : user_pref("CT1700389.WeatherPollDate", "Thu Jun 03 2010 09:58:00 GMT+0200");
Zeile gelöscht : user_pref("CT1700389.WeatherUnit", "C");
Zeile gelöscht : user_pref("CT1700389.clientLogIsEnabled", true);
Zeile gelöscht : user_pref("CT1700389.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("CT1700389.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT1700389.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT1700389.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT1700389.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT1700389.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("CT1700389.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"803651ba7facb1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"807dc126dd28cc1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Zeile gelöscht : user_pref("CommunityToolbar.IsEngineShown", true);
Zeile gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT1700389,ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT1700389");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon May 09 2011 08:43:32 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jun 23 2011 23:22:50 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 25 2011 19:32:58 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Zeile gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Zeile gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userId", "de0aab94-299f-4dc0-b996-737f3132cf39");
Zeile gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Jun 03 2010 09:57:59 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1700389");
Zeile gelöscht : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Wed Jun 22 2011 23:10:13 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.CTID", "ConduitEngine");
Zeile gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Jun 25 2011 19:33:00 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.FirstServerDate", "05/09/2011 09");
Zeile gelöscht : user_pref("ConduitEngine.FirstTime", true);
Zeile gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Zeile gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("ConduitEngine.Initialize", true);
Zeile gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("ConduitEngine.InstalledDate", "Mon May 09 2011 08:43:31 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Zeile gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Jun 25 2011 19:33:00 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Jun 25 2011 19:33:00 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Jun 25 2011 19:33:00 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.UserID", "UN09282711445668368");
Zeile gelöscht : user_pref("ConduitEngine.componentAlertEnabled", false);
Zeile gelöscht : user_pref("ConduitEngine.engineLocale", "de");
Zeile gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Jun 25 2011 19:33:00 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Jun 25 2011 19:33:00 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.initDone", true);
Zeile gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Zeile gelöscht : user_pref("ConduitEngine.usagesFlag", 2);
Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "IsoBuster Web Search");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&SearchSource=3&q={searchTerms}");
Zeile gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Zeile gelöscht : user_pref("icqtoolbar.engineVerified", true);
Zeile gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Zeile gelöscht : user_pref("icqtoolbar.history", "youtube||osram||ntv.de||htwk-leipzig||toyota||uci||Opel-Werk%20Saragossa||wikipedia||lotto||kfw-studienkredit||saab%209-3%20turbo%20X||saab||MDV||matrikel%2007%20bernb[...]
Zeile gelöscht : user_pref("icqtoolbar.installsource", "1");
Zeile gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Zeile gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.0.6");
Zeile gelöscht : user_pref("icqtoolbar.suggestions", false);
Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "122719304512271930451227213618116");
Zeile gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1236600423);
Zeile gelöscht : user_pref("icqtoolbar.version", "1.1.2");
Zeile gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Zeile gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&q=");

*************************

AdwCleaner[R0].txt - [22376 octets] - [19/06/2014 19:26:00]
AdwCleaner[S0].txt - [22243 octets] - [19/06/2014 19:28:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22304 octets] ##########
         
MBAM:
Code:
<?xml version="1.0" encoding="UTF-8" ?>
<logs>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-19T19:45:35.161254+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="66e5ef94-5b26-46b8-838f-d1c1d5165b91" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-19T19:45:35.176254+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="a18efb59-5f3d-4307-9df4-46f2e10573c4" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-19T19:45:35.207254+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="38a3c77c-c582-46e0-88f6-58a675e1cb66" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="1" datetime="2014-06-19T19:45:41.289254+02:00" source="Manual" type="Update" username="SYSTEM" systemname="NINO-PC" fromVersion="2014.2.20.1" last_modified_tag="7a41d8a3-df13-4d2d-9e55-0f2990d95bcb" name="Rootkit Database" toVersion="2014.6.2.1"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-19T19:46:09.449254+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="76348795-915b-4c7b-9e6c-739146bff0f7" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="1" datetime="2014-06-19T19:46:12.713254+02:00" source="Manual" type="Update" username="SYSTEM" systemname="NINO-PC" fromVersion="2014.3.4.9" last_modified_tag="cb12a0be-31eb-44bd-ae1b-a99785fb1e0f" name="Malware Database" toVersion="2014.6.19.8"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-19T19:46:17.736254+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="c398c7fa-b9a4-4979-9523-be35561813fe" result="Starting" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-19T19:46:17.741254+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="5f9c1bba-f9d4-41aa-a9a9-f98153867316" result="Stopping" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-19T19:46:17.773254+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="c1ab68af-756c-493a-8c91-e45ca8f6f1d8" result="Stopped" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-19T19:46:22.391254+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="abceba87-433a-4fcb-8647-b7764565f6f2" result="Success" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-19T19:46:22.410254+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="84d845e1-e79e-4ef7-9e32-f7b04f10ae98" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-19T19:46:22.788254+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="dac9f125-93ac-4d28-8250-e9112c2e91cd" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-19T20:39:36.524250+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="81cdb3cb-2b32-40d8-be3c-1a62ed95c5ea" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-19T20:39:36.754250+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="6f8930a4-c1cb-4c54-9e54-71ba20cba5e8" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-19T20:39:36.774250+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="2f31461e-12b2-40f0-8108-108ba03c0ad1" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-19T20:42:36.574250+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="0e225486-3396-45a5-b5cd-74fb4de7448a" result="Started" subtype="Malicious Website Protection"></record>
</logs>
         
Zoek:
Code:
Zoek.exe v5.0.0.0 Updated 16-June-2014
Tool run by Nino on 19.06.2014 at 20:03:22,64.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Nino\Downloads\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

19.06.2014 20:08:54 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4257226603-2756161322-550577746-1003\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.de/");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default

user.js not found
---- Lines ask.com modified from prefs.js ----

user_pref("extensions.enabledItems", "{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.13,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,{CAFEEFAC-0016-0000-0
---- FireFox user.js and prefs.js backups ---- 

prefs__2021_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\Common Files\DVDVideoSoft\bin deleted
C:\Program Files\Wolfram Research deleted
C:\Users\Nino\AppData\Roaming\Yahoo! deleted
C:\PROGRA~2\ICQ deleted
C:\Users\Nino\AppData\Local\cache deleted
C:\Users\Nino\Downloads\FreeYouTubeToMP3Converter(1).exe deleted
C:\Users\Nino\Downloads\FreeYouTubeToMP3Converter.exe deleted
C:\Users\Nino\Downloads\FreeYouTubeToMP3Converter_3.11.22.exe deleted
C:\Users\Nino\AppData\LocalLow\boost_interprocess deleted
C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\jetpack deleted
C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\CT1700389 deleted
C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\extensions\youtubeunblocker@unblocker.yt deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [03.04.2010 17:40]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default
- Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
- Free Hide IP - %ProfilePath%\extensions\support@free-hideip.com.xpi
- 572ae458-3f7c-4678-aa10-b22b5979d2c1 - %ProfilePath%\extensions\{572ae458-3f7c-4678-aa10-b22b5979d2c1}.xpi
- DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Unity Web Player Wizard Light - %ProfilePath%\extensions\{e5a64d20-3633-48ca-823e-6de40a412f20}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default
FB5621842FDABF9F8359775573498FBC	- C:\Users\Nino\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll -	Google Update
738C29EAC995029E13333034C1402F56	- C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll -	Shockwave Flash
5CB01CF141E021DAAE96991A5BA57944	- C:\Users\Nino\AppData\Roaming\Mozilla\plugins\npo1d.dll -	Google Talk Plugin Video Renderer
DD31F0C436E4F5E6FA9783FF8A80ADC1	- C:\Users\Nino\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll -	Google Talk Plugin
785105A23650755A8F7A72405EB0D923	- C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll -	Google Update
1E5E8C84DE796A01D1D46E3A660690F1	- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll -	Adobe Acrobat
F055C91A961601B8D50EF2976145AEE6	- C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll -	Adobe Acrobat
A32402A7A2AC60B5422255DF020EC44A	- C:\Program Files\DivX\DivX Web Player\npdivx32.dll -	DivX Plus Web Player
025BBEF5A248B09BDC6684747F6EB5BC	- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -	Java(TM) Platform SE 7 U55
290A0130C74ADCD4546BC6900D1665D9	- C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll -	Java Deployment Toolkit 7.0.550.14
5B92CB0A3EEE50F6B9AE036B4F9B0F0C	- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -	Google Earth Plugin
86244E1B6D062BBE2B91AA5DA7376806	- C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll -	DivX VOD Helper Plug-in
358878E398AB0FB8B1EE176C2E3EDF48	- C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll -	Google Updater
31DA97B4682187C6639BBE2215814FDA	- C:\Windows\system32\Adobe\Director\np32dsw.dll -	Shockwave for Director / Shockwave for Director
AB87EEFFD18F2BAAFC274E7075EA6C67	- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -	Windows Presentation Foundation / Windows Presentation Foundation


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.de/"
"ICQ Search"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://de.intl.acer.yahoo.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"ICQ Search"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://www.google.de/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{12520993-F63A-465C-92EF-EA73A3ACE58F} Google  Url="hxxp://www.google.de/search?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Users\Nino\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nino\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Nino\AppData\Local\Mozilla\Firefox\Profiles\qjax06cs.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=14915 folders=1638 1564010472 bytes)

==== Empty Temp Folders ======================

C:\Users\Anika\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Nino\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Nino\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Nino\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 19.06.2014 at 20:42:47,90 ======================
         
FRST:

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-06-2014
Ran by Nino (administrator) on NINO-PC on 19-06-2014 20:49:48
Running from C:\Users\Nino\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(National Instruments, Inc.) C:\Windows\System32\lkcitdl.exe
(National Instruments Corporation) C:\Windows\System32\lkads.exe
(National Instruments Corporation) C:\Windows\System32\lktsrv.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Acer\Mobility Center\MobilityService.exe
(National Instruments Corporation) C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corp.) C:\Windows\System32\nisvcloc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files\Join Air\AssistantServices.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\Users\Nino\AppData\Local\Temp\RtkBtMnt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(National Instruments) C:\Program Files\National Instruments\Shared\Update Service\BackgroundService.exe
() C:\Program Files\Join Air\UIExec.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-07] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4853760 2008-01-08] (Realtek Semiconductor)
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [521776 2008-01-03] (Egis Incorporated)
HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2008-01-08] (Dritek System Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1089536 2008-02-19] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.)
HKLM\...\Run: [NI Background Service] => C:\Program Files\National Instruments\Shared\Update Service\BackgroundService.exe [77824 2008-04-03] (National Instruments)
HKLM\...\Run: [UIExec] => C:\Program Files\Join Air\UIExec.exe [132608 2009-08-31] ()
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-03] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKU\S-1-5-21-4257226603-2756161322-550577746-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4257226603-2756161322-550577746-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4257226603-2756161322-550577746-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {12520993-F63A-465C-92EF-EA73A3ACE58F} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_05-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 217.68.161.141 217.68.161.171

FireFox:
========
FF ProfilePath: C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "proxy.htwk-leipzig.de"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "http", "proxy.htwk-leipzig.de"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy.htwk-leipzig.de"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "proxy.htwk-leipzig.de"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Nino\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Nino\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Nino\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Nino\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPLV82Win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nplv85win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Nino\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Nino\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\znout-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Free Hide IP - C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\support@free-hideip.com.xpi [2012-09-03]
FF Extension: {572ae458-3f7c-4678-aa10-b22b5979d2c1} - C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\{572ae458-3f7c-4678-aa10-b22b5979d2c1}.xpi [2013-10-30]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-24]
FF Extension: Unity Web Player Wizard Light - C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\{e5a64d20-3633-48ca-823e-6de40a412f20}.xpi [2013-11-05]
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624 2009-08-23] (Cisco Systems, Inc.)
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [506416 2008-01-03] (Egis Incorporated)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2011-07-27] (Flexera Software, Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-06-04] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-06-04] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 LkCitadelServer; C:\Windows\system32\lkcitdl.exe [695136 2007-11-27] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\system32\lkads.exe [40488 2007-11-27] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\system32\lktsrv.exe [50736 2007-11-27] (National Instruments Corporation)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () [File not signed]
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 NIDomainService; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [213552 2007-11-27] (National Instruments Corporation)
S4 NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1007616 2007-01-29] (Macrovision Corporation) [File not signed]
R2 niSvcLoc; C:\Windows\system32\nisvcloc.exe [48704 2007-07-19] (National Instruments Corp.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [575488 2008-08-07] (Nokia.) [File not signed]
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361728 2008-09-19] (TuneUp Software GmbH)
R2 UI Assistant Service; C:\Program Files\Join Air\AssistantServices.exe [241664 2009-08-31] () [File not signed]
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer) [File not signed]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 cvintdrv; C:\Windows\system32\Drivers\cvintdrv.sys [4096 2007-10-23] () [File not signed]
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2009-08-23] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-27] (NewTech Infosystems, Inc.) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-06-06] (Windows (R) Codename Longhorn DDK provider)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-07] (Windows (R) Codename Longhorn DDK provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Nino\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-19 20:49 - 2014-06-19 20:50 - 00022418 _____ () C:\Users\Nino\Desktop\FRST.txt
2014-06-19 20:49 - 2014-06-19 20:49 - 00000000 ____D () C:\Users\Nino\Desktop\FRST-OlderVersion
2014-06-19 20:45 - 2014-06-19 20:45 - 00010276 _____ () C:\Users\Nino\Desktop\zoek-results.txt
2014-06-19 20:36 - 2014-06-19 20:03 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-06-19 20:08 - 2014-06-19 20:42 - 00010276 _____ () C:\zoek-results.log
2014-06-19 20:03 - 2014-06-19 20:31 - 00000000 ____D () C:\zoek_backup
2014-06-19 20:03 - 2014-06-19 20:03 - 01285120 _____ () C:\Users\Nino\Desktop\zoek.exe
2014-06-19 19:59 - 2014-06-19 19:59 - 00001159 _____ () C:\Users\Nino\Desktop\mbam.txt
2014-06-19 19:45 - 2014-06-19 20:43 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 19:44 - 2014-06-19 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-19 19:44 - 2014-06-19 19:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-19 19:44 - 2014-06-19 19:44 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-19 19:44 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-19 19:44 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-19 19:44 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-19 19:38 - 2014-06-19 19:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nino\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-19 19:33 - 2014-06-19 19:33 - 00022385 _____ () C:\Users\Nino\Desktop\AdwCleaner[S0].txt
2014-06-19 19:25 - 2014-06-19 19:28 - 00000000 ____D () C:\AdwCleaner
2014-06-19 19:25 - 2014-06-19 19:25 - 01333465 _____ () C:\Users\Nino\Desktop\adwcleaner_3.212.exe
2014-06-19 17:59 - 2014-06-19 17:59 - 00013991 _____ () C:\Users\Nino\Desktop\ComboFix.txt
2014-06-19 17:41 - 2014-06-19 17:41 - 00013991 _____ () C:\ComboFix.txt
2014-06-19 17:20 - 2014-06-19 17:41 - 00000000 ____D () C:\Qoobox
2014-06-19 17:20 - 2014-06-19 17:41 - 00000000 ____D () C:\ComboFix
2014-06-19 17:20 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-19 17:20 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-19 17:20 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-19 17:20 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-19 17:20 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-19 17:20 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-19 17:20 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-19 17:20 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-19 17:19 - 2014-06-19 17:39 - 00000000 ____D () C:\Windows\erdnt
2014-06-19 17:13 - 2014-06-19 17:14 - 05207168 ____R (Swearware) C:\Users\Nino\Desktop\ComboFix.exe
2014-06-18 21:26 - 2014-06-18 21:26 - 00380416 _____ () C:\Users\Nino\Desktop\Gmer-19357.exe
2014-06-18 21:02 - 2014-06-18 21:06 - 00119702 _____ () C:\Users\Nino\Desktop\Ereignisse Avira.txt
2014-06-18 19:46 - 2014-06-18 19:53 - 00043637 _____ () C:\Users\Nino\Desktop\Addition alt.txt
2014-06-18 19:41 - 2014-06-18 19:53 - 00033578 _____ () C:\Users\Nino\Desktop\FRST alt.txt
2014-06-18 19:34 - 2014-06-19 20:49 - 00000000 ____D () C:\FRST
2014-06-18 19:27 - 2014-06-19 20:49 - 01072128 _____ (Farbar) C:\Users\Nino\Desktop\FRST.exe
2014-06-12 20:49 - 2014-06-12 20:49 - 00000000 ____D () C:\Users\Nino\AppData\Local\Adobe
2014-06-12 18:12 - 2014-05-06 06:46 - 03630592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 18:12 - 2014-05-06 06:46 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 18:12 - 2014-05-06 06:46 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 18:12 - 2014-05-06 06:46 - 00671744 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-06-12 18:12 - 2014-05-06 06:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 18:12 - 2014-05-06 06:46 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 18:12 - 2014-05-06 06:46 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-12 18:12 - 2014-05-06 06:45 - 06119424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 18:12 - 2014-05-06 06:45 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 18:12 - 2014-05-06 06:45 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 18:12 - 2014-05-06 06:45 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-06-12 18:12 - 2014-05-06 06:45 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 18:12 - 2014-05-06 06:45 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 18:12 - 2014-05-06 06:45 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-06-12 18:12 - 2014-05-06 05:16 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-06-12 18:12 - 2014-05-06 05:07 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 18:12 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 18:12 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 18:12 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 18:12 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 18:44 - 2014-06-11 18:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-31 10:06 - 2014-05-31 10:06 - 00000000 ____D () C:\Program Files\Common Files\Skype

==================== One Month Modified Files and Folders =======

2014-06-19 20:50 - 2014-06-19 20:49 - 00022418 _____ () C:\Users\Nino\Desktop\FRST.txt
2014-06-19 20:49 - 2014-06-19 20:49 - 00000000 ____D () C:\Users\Nino\Desktop\FRST-OlderVersion
2014-06-19 20:49 - 2014-06-18 19:34 - 00000000 ____D () C:\FRST
2014-06-19 20:49 - 2014-06-18 19:27 - 01072128 _____ (Farbar) C:\Users\Nino\Desktop\FRST.exe
2014-06-19 20:47 - 2008-07-26 04:54 - 01174778 _____ () C:\Windows\WindowsUpdate.log
2014-06-19 20:45 - 2014-06-19 20:45 - 00010276 _____ () C:\Users\Nino\Desktop\zoek-results.txt
2014-06-19 20:43 - 2014-06-19 19:45 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 20:43 - 2014-03-23 19:19 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257226603-2756161322-550577746-1003UA.job
2014-06-19 20:42 - 2014-06-19 20:08 - 00010276 _____ () C:\zoek-results.log
2014-06-19 20:42 - 2008-11-19 10:47 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{CFFA0713-7CE4-4E47-A2F3-3D61073123BF}.job
2014-06-19 20:39 - 2010-01-06 22:56 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-19 20:39 - 2009-10-17 18:30 - 21943602 _____ () C:\Windows\PFRO.log
2014-06-19 20:39 - 2008-09-19 22:45 - 00000498 _____ () C:\Windows\Tasks\1-Klick-Wartung.job
2014-06-19 20:39 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-19 20:39 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-19 20:39 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-19 20:37 - 2008-07-26 04:56 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-06-19 20:37 - 2006-11-02 15:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-19 20:33 - 2011-12-18 20:26 - 00000000 ____D () C:\Users\Nino\AppData\Roaming\Skype
2014-06-19 20:31 - 2014-06-19 20:03 - 00000000 ____D () C:\zoek_backup
2014-06-19 20:31 - 2012-11-19 11:36 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-06-19 20:24 - 2010-01-06 22:56 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-19 20:13 - 2012-04-06 22:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-19 20:03 - 2014-06-19 20:36 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-06-19 20:03 - 2014-06-19 20:03 - 01285120 _____ () C:\Users\Nino\Desktop\zoek.exe
2014-06-19 19:59 - 2014-06-19 19:59 - 00001159 _____ () C:\Users\Nino\Desktop\mbam.txt
2014-06-19 19:44 - 2014-06-19 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-19 19:44 - 2014-06-19 19:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-19 19:44 - 2014-06-19 19:44 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-19 19:38 - 2014-06-19 19:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nino\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-19 19:33 - 2014-06-19 19:33 - 00022385 _____ () C:\Users\Nino\Desktop\AdwCleaner[S0].txt
2014-06-19 19:28 - 2014-06-19 19:25 - 00000000 ____D () C:\AdwCleaner
2014-06-19 19:25 - 2014-06-19 19:25 - 01333465 _____ () C:\Users\Nino\Desktop\adwcleaner_3.212.exe
2014-06-19 18:42 - 2014-03-23 19:19 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257226603-2756161322-550577746-1003Core.job
2014-06-19 18:24 - 2008-09-20 11:23 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-19 17:59 - 2014-06-19 17:59 - 00013991 _____ () C:\Users\Nino\Desktop\ComboFix.txt
2014-06-19 17:41 - 2014-06-19 17:41 - 00013991 _____ () C:\ComboFix.txt
2014-06-19 17:41 - 2014-06-19 17:20 - 00000000 ____D () C:\Qoobox
2014-06-19 17:41 - 2014-06-19 17:20 - 00000000 ____D () C:\ComboFix
2014-06-19 17:41 - 2010-01-24 17:27 - 00000000 ____D () C:\Users\Anika
2014-06-19 17:41 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-06-19 17:41 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-06-19 17:39 - 2014-06-19 17:19 - 00000000 ____D () C:\Windows\erdnt
2014-06-19 17:37 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-06-19 17:14 - 2014-06-19 17:13 - 05207168 ____R (Swearware) C:\Users\Nino\Desktop\ComboFix.exe
2014-06-19 17:11 - 2008-10-20 20:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-19 17:11 - 2008-10-20 20:32 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-06-19 00:06 - 2008-09-19 18:16 - 00000000 ____D () C:\Users\Nino
2014-06-18 23:37 - 2008-09-19 23:03 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-18 21:26 - 2014-06-18 21:26 - 00380416 _____ () C:\Users\Nino\Desktop\Gmer-19357.exe
2014-06-18 21:06 - 2014-06-18 21:02 - 00119702 _____ () C:\Users\Nino\Desktop\Ereignisse Avira.txt
2014-06-18 19:53 - 2014-06-18 19:46 - 00043637 _____ () C:\Users\Nino\Desktop\Addition alt.txt
2014-06-18 19:53 - 2014-06-18 19:41 - 00033578 _____ () C:\Users\Nino\Desktop\FRST alt.txt
2014-06-14 14:38 - 2009-03-24 21:20 - 00001022 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-06-13 17:17 - 2009-10-19 10:37 - 00000000 ____D () C:\Users\Nino\Documents\Privat
2014-06-12 20:49 - 2014-06-12 20:49 - 00000000 ____D () C:\Users\Nino\AppData\Local\Adobe
2014-06-12 19:00 - 2012-04-06 22:53 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-12 19:00 - 2011-05-20 21:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-12 18:51 - 2012-04-26 14:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-12 18:31 - 2008-03-27 22:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 18:29 - 2013-08-14 11:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 18:26 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-12 17:56 - 2014-04-09 17:49 - 00000000 ____D () C:\Users\Nino\Documents\Arbeit
2014-06-12 17:53 - 2006-11-02 12:33 - 01715048 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-11 18:44 - 2014-06-11 18:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-09 13:38 - 2008-09-19 22:46 - 00000000 ____D () C:\Users\Nino\AppData\Roaming\Mozilla
2014-06-09 13:26 - 2011-07-26 21:46 - 00000000 ____D () C:\Users\Nino\AppData\Local\FreePDF_XP
2014-06-09 13:17 - 2014-04-18 20:24 - 00010406 _____ () C:\Users\Nino\Desktop\Meine Schulden.xlsx
2014-06-03 18:01 - 2012-12-18 11:19 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-03 18:01 - 2012-12-18 11:19 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-02 19:01 - 2013-11-26 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-06-02 19:01 - 2011-01-01 17:26 - 00000000 ____D () C:\ProgramData\DivX
2014-06-02 19:00 - 2011-01-01 17:27 - 00000000 ____D () C:\Program Files\DivX
2014-05-31 10:06 - 2014-05-31 10:06 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-31 10:06 - 2014-03-03 08:11 - 00000000 ___RD () C:\Program Files\Skype
2014-05-31 10:06 - 2011-12-18 20:26 - 00000000 ____D () C:\ProgramData\Skype
2014-05-31 10:05 - 2011-02-24 11:39 - 00000680 _____ () C:\Users\Nino\AppData\Local\d3d9caps.dat

Files to move or delete:
====================
C:\Users\Nino\CTX.DAT


Some content of TEMP:
====================
C:\Users\Nino\AppData\Local\Temp\avgnt.exe
C:\Users\Nino\AppData\Local\Temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-19 20:46

==================== End Of Log ============================
         
--- --- ---


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-06-2014
Ran by Nino at 2014-06-19 20:51:04
Running from C:\Users\Nino\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4302 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4303 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4310 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4300 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.4301 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 2.11.20071207 - Acer Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}) (Version: 9.0.16.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
AIO_Scan (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - )
Amazon MP3-Downloader 1.0.9 (HKLM\...\Amazon MP3-Downloader) (Version:  - )
AutoCAD Mechanical 2012 (HKLM\...\AutoCAD Mechanical 2012) (Version: 16.0.49.0 - Autodesk)
AutoCAD Mechanical 2012 (Version: 16.0.49.0 - Autodesk) Hidden
AutoCAD Mechanical 2012 Language Pack - Deutsch (Version: 16.0.49.0 - Autodesk) Hidden
Autodesk Content Service (HKLM\...\{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}) (Version: 2.0.90 - Autodesk)
Autodesk Design Review 2008 (HKLM\...\{FCF3DFF4-CB33-4343-9878-DEEC6D131DF8}) (Version: 4.0.0 - Autodesk, Inc.)
Autodesk Design Review 2010 (HKLM\...\Autodesk Design Review 2010) (Version: 10.0.0.108 - Autodesk, Inc.)
Autodesk Design Review 2010 (Version: 10.0.0.108 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2012 (HKLM\...\Autodesk Inventor Fusion 2012) (Version: 1.0.0.79 - Autodesk, Inc.)
Autodesk Inventor Fusion 2012 (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (HKLM\...\Autodesk Inventor Fusion Plugin for AutoCAD 2012) (Version: 0.0.1.138 - Autodesk)
Autodesk Inventor Fusion Plugin for AutoCAD 2012 (Version: 0.0.1.138 - Autodesk) Hidden
Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2012 (Version: 0.0.1.138 - Autodesk) Hidden
Autodesk Material Library 2012 (HKLM\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (HKLM\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
Autodesk Navisworks 2012 2004-6 DWG File Reader Runtimes (HKLM\...\{8C3B5851-5A51-4FF6-A3C8-3422EE2D0109}) (Version: 1.0.0 - Autodesk)
Autodesk Navisworks 2012 32 bit Exporter Plug-ins (HKLM\...\Autodesk Navisworks 2012 32 bit Exporter Plug-ins) (Version: 9.0.69.686 - Autodesk)
Autodesk Navisworks 2012 32 bit Exporter Plug-ins (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks 2012 32 bit Exporter Plug-ins Language Pack (Deutsch) (HKLM\...\{5EDF1B95-251E-0407-8232-38B90D666EE2}) (Version: 9.0.69.324 - Autodesk)
Autodesk Navisworks Freedom 2012 (HKLM\...\Autodesk Navisworks Freedom 2012) (Version: 9.0.69.686 - Autodesk)
Autodesk Navisworks Freedom 2012 (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Freedom 2012 Language Pack (Deutsch) (HKLM\...\{4C5EBB8E-FE25-0407-ABF9-653822766EF5}) (Version: 9.0.69.324 - Autodesk)
Autodesk Navisworks Manage 2012 - 2004 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2005 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2006 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2007 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2008 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2009 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2010 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2011 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2012 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 (HKLM\...\Autodesk Navisworks Manage 2012) (Version: 9.0.69.686 - Autodesk)
Autodesk Navisworks Manage 2012 (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 Language Pack (Deutsch) (HKLM\...\{55533772-CCA4-0407-9D08-4BF031E3EE32}) (Version: 9.0.69.324 - Autodesk)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.672 - Avira)
Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.50.08 - Broadcom Corporation)
Brother MFL-Pro Suite DCP-145C (HKLM\...\{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Cisco Systems VPN Client 5.0.06.0110 (HKLM\...\{08B785C1-3893-4154-B53B-F5D341D0AAAA}) (Version: 5.0.6 - Cisco Systems, Inc.)
Classic Menu 3.x for Office 2007 (HKLM\...\{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1) (Version:  - Addintools)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM\...\Dev-C++) (Version:  - )
DeviceDiscovery (Version: 90.0.205.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)
DJ_AIO_ProductContext (Version: 90.0.236.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (Version: 90.0.222.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Driver Detective (HKLM\...\{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}) (Version: 7.0.0 - PC Drivers HeadQuarters)
Dropbox (HKCU\...\Dropbox) (Version: 1.2.51 - Dropbox, Inc.)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
F4100 (Version: 90.0.222.000 - Hewlett-Packard) Hidden
F4100_doccd (Version: 90.0.222.000 - Hewlett-Packard) Hidden
F4100_Help (Version: 90.0.222.000 - Hewlett-Packard) Hidden
FARO LS 1.1.406.58 (HKLM\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Free YouTube to MP3 Converter version 3.11.35.1031 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.35.1031 - DVDVideoSoft Ltd.)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version:  - )
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
HI-TECH C51-lite V9.60PL0 (HKLM\...\HC51 9.60PL0) (Version: 9.60 - HI-TECH Software)
HI-TECH PICC lite V9.60PL0 (HKLM\...\PICC 9.60PL0) (Version: 9.60 - HI-TECH Software)
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP Deskjet All-In-One Software 9.0 (HKLM\...\{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}) (Version: 9.0 - HP)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden
HP Smart Web Printing (HKLM\...\{415CDA53-9100-476F-A7B2-476691E117C7}) (Version: 2.15.7.0 - Ihr Firmenname)
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Update (HKLM\...\{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}) (Version: 4.000.006.003 - Hewlett-Packard)
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Ihr Firmenname)
ICQ7.4 (HKLM\...\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}) (Version: 7.4 - ICQ)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
ITI SimulationX 3.4 (HKLM\...\ITI SimulationX 3.4) (Version: 3.4.404.55 - ITI GmbH)
ITI SimulationX 3.4 (Version: 3.4.404.55 - ITI GmbH) Hidden
Japanese Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Java 2 Runtime Environment, SE v1.4.2_05 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142050}) (Version: 1.4.2_05 - Sun Microsystems, Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Join Air (HKLM\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
McAfee Security Scan (HKLM\...\McAfee Security Scan) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft WSE 3.0 (HKLM\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
National Instruments-Software (HKLM\...\NI Uninstaller) (Version:  - National Instruments)
NI Circuit Design Suite 10.1 Core (Version: 10.1.197 - National Instruments) Hidden
NI Circuit Design Suite 10.1 Edu Licenses (Version: 10.1.197 - National Instruments) Hidden
NI Circuit Design Suite 10.1 Education (Version: 10.1.197 - National Instruments) Hidden
NI DN 2.0 installer (Version: 2.00.49154 - National Instruments) Hidden
NI EULA Depot (Version: 2.51.88 - National Instruments) Hidden
NI Help Assistant (Version: 1.0.10 - National Instruments) Hidden
NI LabVIEW Real-Time FIFO for Runtime (Version: 8.2.74.0 - National Instruments) Hidden
NI LabVIEW Real-Time FIFO for Runtime (Version: 8.5.264.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 8.2.1 (Version: 8.2.379.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 8.5.1 (Version: 8.5.306.0 - National Instruments) Hidden
NI LabWindows/CVI 8.1.1 Run-Time Engine (Version: 8.1.1361 - National Instruments) Hidden
NI License Manager (Version: 3.2.1026 - National Instruments) Hidden
NI Logos 4.9.1 (Version: 4.9.105.0 - National Instruments) Hidden
NI Logos XT Support (Version: 4.9.44.0 - National Instruments) Hidden
NI Math Kernel Libraries (Version: 1.0.861.0 - National Instruments) Hidden
NI MDF Support (Version: 2.51.88 - National Instruments) Hidden
NI MetaSuite Installer (Version: 2.51.93 - National Instruments) Hidden
NI Service Locator (Version: 8.5.160.0 - National Instruments) Hidden
NI TDMS (Version: 1.1.286.0 - National Instruments) Hidden
NI Uninstaller (Version: 2.51.88 - National Instruments) Hidden
NI Update Service 1.0 (Version: 1.0.254.0 - National Instruments) Hidden
NI Update Service Extras 1.0 (Version: 1.0.257.0 - National Instruments) Hidden
NI USI 1.5.0 (Version: 1.5.03128 - National Instruments) Hidden
NI VC2005MSMs x86 (Version: 8.01.2 - National Instruments) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}) (Version: 7.0.2.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.0.8.2 - Nokia)
Nokia PC Suite (Version: 7.0.8.2 - Nokia) Hidden
NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
NTI Backup NOW! 4.7 (Version: 1.00.0000 - NewTech Infosystems) Hidden
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NTI Shadow (HKLM\...\InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.37 - NewTech Infosystems)
NTI Shadow (Version: 3.7.6.37 - NewTech Infosystems) Hidden
OpenOffice.org 3.1 (HKLM\...\{D765F1CE-5AE5-4C47-B134-AE58AC474740}) (Version: 3.1.9399 - OpenOffice.org)
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PC Connectivity Solution (HKLM\...\{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}) (Version: 8.22.4.0 - Nokia)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.32.3730a.0 - CyberLink Corporation)
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5543 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
SCwin_April201004-03 (Version: 2000.11.28 - SOLAR-COMPUTER GmbH) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SOLAR-COMPUTER-Software (HKLM\...\SOLAR-COMPUTER-Software) (Version:  - )
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}) (Version: 2.00.0002 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0002 - Texas Instruments Inc.) Hidden
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TuneUp Utilities 2008 (HKLM\...\{5888428E-699C-4E71-BF71-94EE06B497DA}) (Version: 7.0.7991 - TuneUp Software)
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VBA (2701.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
VLC media player 0.9.9 (HKLM\...\VLC media player) (Version: 0.9.9 - VideoLAN Team)
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software 6.1.0.2000 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.1.0.2000 - Broadcom Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia Modem  (05/22/2008 3.8) (HKLM\...\C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD) (Version: 05/22/2008 3.8 - Nokia)
Windows-Treiberpaket - Nokia Modem  (05/22/2008 7.00.0.1) (HKLM\...\9CD348AE9C64C4B939B624E8E24F3903EFDFC82B) (Version: 05/22/2008 7.00.0.1 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0) (HKLM\...\3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F) (Version: 10/12/2007 6.85.4.0 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Wolfram Mathematica 7 (M-WIN-L 7.0.0 1148351) (HKLM\...\M-WIN-L 7.0.0 1148351_is1) (Version: 7.0.0 - Wolfram Research, Inc.)
Wolfram Notebook Indexer 2.0 (HKLM\...\{C260343B-6282-42A2-939F-1FF7E503F608}) (Version: 2.17.34091 - Wolfram Research)

==================== Restore Points  =========================

01-06-2014 18:45:08 Geplanter Prüfpunkt
03-06-2014 16:10:02 Windows Update
05-06-2014 19:23:05 Geplanter Prüfpunkt
09-06-2014 11:41:56 Windows Update
11-06-2014 19:30:14 Geplanter Prüfpunkt
12-06-2014 16:22:02 Windows Update
13-06-2014 18:00:58 Geplanter Prüfpunkt
14-06-2014 11:49:43 Geplanter Prüfpunkt
16-06-2014 16:26:25 Geplanter Prüfpunkt
17-06-2014 16:43:29 Windows Update
19-06-2014 04:56:30 Geplanter Prüfpunkt
19-06-2014 18:08:18 zoek.exe restore point

==================== Hosts content: ==========================

2006-11-02 12:23 - 2014-06-19 17:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1F2C8526-DD5D-4840-96D9-2CA30A29F2F6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4257226603-2756161322-550577746-1003UA => C:\Users\Nino\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-18] (Google Inc.)
Task: {2F42B42E-8675-4E00-BF7B-65412847518D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-12] (Adobe Systems Incorporated)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3DD0E0B1-A409-4E7E-B238-7157DBEB32E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06] (Google Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4AB13B90-3AA7-406C-8474-F9E19733295D} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {561C5E75-6A15-4E5D-832D-AB8474C9DB6F} - System32\Tasks\{3E3E5669-F14D-4C70-A717-4878AFE47DB1} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/eula
Task: {796764E4-B0B6-42FD-8917-1C8B1A65C2F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06] (Google Inc.)
Task: {93D14E32-3894-4ECD-AA08-7934BAF63A64} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4257226603-2756161322-550577746-1003Core => C:\Users\Nino\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-18] (Google Inc.)
Task: {AB3F5269-22D2-474B-A197-4E0374595526} - System32\Tasks\1-Klick-Wartung => C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-21] (TuneUp Software GmbH)
Task: {C5C7D163-BF3C-4347-A4CB-19BF49F48DC6} - System32\Tasks\{FC7763AD-81ED-4BAC-BFF7-CFAC70F59F5C} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/privacy
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\1-Klick-Wartung.job => C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257226603-2756161322-550577746-1003Core.job => C:\Users\Nino\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257226603-2756161322-550577746-1003UA.job => C:\Users\Nino\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{CFFA0713-7CE4-4E47-A2F3-3D61073123BF}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2008-12-05 00:46 - 2008-09-16 21:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2011-07-26 21:42 - 2010-06-17 21:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2011-02-02 14:08 - 2011-02-02 14:08 - 00018656 _____ () C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
2009-08-23 21:41 - 2009-08-23 21:41 - 00197424 _____ () C:\Windows\system32\vpnapi.dll
2008-07-26 05:11 - 2007-11-27 18:54 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-07-26 05:11 - 2007-11-27 15:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2010-03-28 08:51 - 2009-08-31 10:43 - 00241664 _____ () C:\Program Files\Join Air\AssistantServices.exe
2008-07-26 05:09 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2008-07-26 05:09 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2008-07-26 05:10 - 2007-12-19 18:09 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2008-07-26 05:10 - 2007-12-19 18:09 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2008-07-26 05:10 - 2007-12-19 18:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2008-01-03 02:00 - 2008-01-03 02:00 - 00227888 _____ () C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2008-07-26 13:49 - 2003-06-07 23:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2010-03-28 08:51 - 2009-08-31 10:43 - 00132608 _____ () C:\Program Files\Join Air\UIExec.exe
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:D282699C

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Microsoft-6zu4-Adapter #2
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #4
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #5
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #6
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2014 08:39:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2014 07:31:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2014 06:34:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2014 06:24:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2014 05:03:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2014 06:01:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/18/2014 11:11:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/18/2014 10:48:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/18/2014 10:37:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/18/2014 05:45:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/19/2014 08:39:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/19/2014 08:39:18 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT-AUTORITÄT)
Description: 2147942402

Error: (06/19/2014 08:20:59 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (06/19/2014 08:20:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (06/19/2014 08:20:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (06/19/2014 08:20:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (06/19/2014 08:20:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (06/19/2014 07:31:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/19/2014 07:31:01 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT-AUTORITÄT)
Description: 2147942402

Error: (06/19/2014 06:34:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (02/15/2011 00:30:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 74 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (01/11/2010 10:29:03 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 21 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/10/2010 02:04:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/10/2010 01:58:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/10/2010 01:58:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/10/2010 01:58:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/12/2008 09:16:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/16/2008 00:29:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 480 seconds with 180 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-06-19 20:50:48.463
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-19 20:50:48.221
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-19 20:50:47.960
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-19 20:50:47.671
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-19 20:42:35.984
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-19 19:51:20.412
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-19 19:51:20.173
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-19 19:51:19.932
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-19 19:51:19.693
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-19 19:46:09.081
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 45%
Total physical RAM: 3061.68 MB
Available physical RAM: 1682.75 MB
Total Pagefile: 6332.39 MB
Available Pagefile: 4587.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.42 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:223.12 GB) (Free:41.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:3.01 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 9AA4CFAF)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=223 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Then I'll wait for my diagnosis.

Edited by NinoW (19.06.2014 at 20:27)

20.06.2014, 13:20   #2
M-K-D-B
/// TB Trainer

PC opened website h**p://98uj8.de/s3brsn5ba66mgfzeinrum#ad on its own



Are there still problems with the site after the following steps? If so, in which browser?

We will remove the last remnants and check everything once more. ESET can take a long time (> 3 h).
Afterwards we will remove all the tools we used, and I will give you a few tips to take with you.

Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ATTFilter
start
FF Extension: {572ae458-3f7c-4678-aa10-b22b5979d2c1} - C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\{572ae458-3f7c-4678-aa10-b22b5979d2c1}.xpi [2013-10-30]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
C:\Users\Nino\CTX.DAT
Reboot:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Step 3
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

Please post with your next reply
  • the log file from FRST,
  • the log file from ESET,
  • the log file from SecurityCheck.