Log analysis and evaluation: Windows XP Avast: Win32:Evo-gen [Susp]
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
20.08.2014, 00:23 | #1 |
Windows XP Avast: Win32:Evo-gen [Susp]

Hello! I know that Windows XP is already outdated, but so much that I need runs on this computer, and so far there have been no problems. I hope that Windows XP is still supported here....

It all started with a problem with my Palm software: during synchronization, an error was reported for the file EASNotify.dll. I have also tried several times to reset the system to an earlier point in time - unfortunately always without success. The message always came up that this restore point could not be used! That actually worries me a lot too...

Windows XP SP3 is installed, with all updates that were available up to the end. As AV I use AVAST Free Antivirus 2014.

Here is an excerpt from the Avast virus chest (unfortunately I found no way to download it, and Ctrl-C does not work either):

Name / Original location / Last modified / Transfer time / Virus
regjster.exe / C:\Programme\Palm / 08.08.2005 11:36:14 / 19.08.2014 20:33:02 / Win32:Evo-gen [Susp]

Here are my log files:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:26 on 19/08/2014 (gb63)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

Have I now destroyed something on my PC by doing this?

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01 Ran by gb63 (administrator) on GB-HOME on 19-08-2014 21:28:36 Running from C:\Dokumente und Einstellungen\Gerhard\Desktop Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Cisco Systems, Inc.) C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (AVAST Software) C:\Programme\Alwil Software\Avast5\AvastSvc.exe (Broadcom Corporation.) C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe (Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe (Prolific Technology Inc.) C:\WINDOWS\system32\IoctlSvc.exe (Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Skype Technologies S.A.) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (TeamViewer GmbH) C:\Programme\TeamViewer\Version9\TeamViewer_Service.exe (TomTom) C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (VMware, Inc.) C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) C:\WINDOWS\system32\vmnat.exe (VMware, Inc.) C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) C:\WINDOWS\system32\vmnetdhcp.exe (SigmaTel, Inc.) C:\WINDOWS\stsystra.exe (InstallShield Software Corporation) C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Hewlett-Packard) C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe () C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe (shbox.de) C:\Programme\FreePDF_XP\fpassist.exe (VMware, Inc.) C:\Programme\VMware\VMware Player\hqtray.exe (RealNetworks, Inc.) 
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (Sony Corporation) C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe (AVAST Software) C:\Programme\Alwil Software\Avast5\avastui.exe (Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Programme\HP\HP Software Update\hpwuschd2.exe (Broadcom Corporation.) C:\Programme\Belkin\Bluetooth Software\BTTray.exe (PalmSource, Inc) C:\Programme\Palm\Hotsync.exe (Logitech, Inc.) C:\Programme\Logitech\SetPoint\SetPoint.exe (Microsoft Corporation) C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Logitech, Inc.) C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) Winlogon\Notify\ckpNotify: C:\WINDOWS\SYSTEM32\ckpNotify.dll (Check Point Software Technologies) Winlogon\Notify\LBTWlgn: c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [NoCDBurning] 0 Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk ShortcutTarget: BTTray.lnk -> C:\Programme\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HotSync.lnk ShortcutTarget: HotSync.lnk -> C:\Programme\Palm\Hotsync.exe (PalmSource, Inc) Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HOTSYNCSHORTCUTNAME.lnk ShortcutTarget: HOTSYNCSHORTCUTNAME.lnk -> C:\Programme\Palm\Hotsync.exe (PalmSource, Inc) Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk ShortcutTarget: Logitech SetPoint.lnk -> C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk ShortcutTarget: Windows Search.lnk -> C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) Startup: C:\Dokumente und Einstellungen\Gerhard\Startmenü\Programme\Autostart\Microsoft Outlook.lnk ShortcutTarget: Microsoft Outlook.lnk -> C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation) Startup: C:\Dokumente und Einstellungen\Gerhard\Startmenü\Programme\Autostart\Tintenwarnungen überwachen - HP Photosmart 5520 series.lnk ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart 5520 series.lnk -> C:\Programme\HP\HP Photosmart 5520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programme\Alwil Software\Avast5\ashShell.dll (AVAST Software) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.search.msn.com SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {D3779843-5AAF-4907-98F1-01BC045E878C} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {D3779843-5AAF-4907-98F1-01BC045E878C} URL = hxxp://www.google.de/search?q={searchTerms} BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Programme\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation) BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: IEExtension.VDownloaderBHO -> {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -> C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) BHO: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> No File BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: No Name -> {ffbb88a9-c663-4b9b-9170-70fa0a5a2786} -> No File Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation) Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} hxxp://www.musicnotes.com/download/mnviewer.cab DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} hxxp://downloads.ewido.net/ewidoOnlineScan.cab DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} hxxp://viesh-win0032.pdrive.local/CitrixSessionInit/ICAWEB/de/ica32/wficat.cab DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://mas.voestalpine.com/vdesk/terminal/urxvpn.cab#version=7000,2013,918,512 DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://mas.voestalpine.com/vdesk/terminal/f5tunsrv.cab#version=7000,2013,426,1901 DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://mas.voestalpine.com/vdesk/terminal/InstallerControl.cab#version=7000,2013,0426,1915 DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://mas.voestalpine.com/vdesk/terminal/f5InspectionHost.cab#version=7000,2013,0426,1847 DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} 
hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} https://mas.voestalpine.com/vdesk/terminal/urTermProxy.cab#version=6020,2009,0312,0403 DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} https://citrix.pdrive.com/net6helper.cab DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} https://mas.voestalpine.com/vdesk/terminal/vdeskctrl.cab#Version=7000,2013,0426,1859 DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://mas.voestalpine.com/vdesk/terminal/urxshost.cab#version=7000,2013,426,1858 DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://engine.netanday.it/ajax_webcam/codec/AMC.cab DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://mas.voestalpine.com/vdesk/terminal/urxhost.cab#version=7000,2013,426,1913 DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} https://mas.voestalpine.com/policy/download_binary.php/win32/f5syschk.cab#Version=7000,2013,0426,1901 DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ras-eu.besi.com/dana-cached/sc/JuniperSetupClient.cab Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - 
C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\programme\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf) Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\programme\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation) Winsock: Catalog9 09 C:\Programme\VMware\VMware Player\vsocklib.dll [338480] (VMware, Inc.) 
Winsock: Catalog9 10 C:\Programme\VMware\VMware Player\vsocklib.dll [338480] (VMware, Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21 FireFox: ======== FF ProfilePath: C:\Dokumente und Einstellungen\Gerhard\Anwendungsdaten\Mozilla\Firefox\Profiles\j2pymkyq.default-1402502459187 FF DefaultSearchEngine: Google.at FF SelectedSearchEngine: Google.at FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin: @Citrix.com/npican -> C:\Programme\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.) FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Programme\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Programme\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF Plugin: @real.com/nppl3260;version=6.0.12.709 -> c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.3.709 -> c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF Plugin: @real.com/nprpjplug;version=6.0.12.709 -> c:\programme\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: vitzo.com/VDownloader -> C:\Programme\VDownloader\Addons\npVDownloader.dll No File FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\confmgr.dll () FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\ctxlogging.dll () FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\msvcm80.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\msvcp80.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\msvcr80.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npicaN.dll () FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.) 
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: F5 Networks Host Plugin - C:\Dokumente und Einstellungen\Gerhard\Anwendungsdaten\Mozilla\Firefox\Profiles\j2pymkyq.default-1402502459187\Extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2014-06-23] FF Extension: Skype Click to Call - C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-22] FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-22] FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-07-22] FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-07-22] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-18] FF HKLM\...\Firefox\Extensions: [support@vdownloader.com] - C:\Programme\VDownloader\Addons\FireFox FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Programme\Alwil Software\Avast5\WebRep\FF FF Extension: avast! 
Online Security - C:\Programme\Alwil Software\Avast5\WebRep\FF [2011-04-24] Chrome: ======= CHR HKLM\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Programme\VDownloader\Addons\Chrome.crx [] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Programme\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-07-04] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Programme\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-04] (AVAST Software) R2 btwdins; C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe [266295 2006-06-07] (Broadcom Corporation.) [File not signed] S2 gupdate1c9b5f28f2902f4; C:\Programme\Google\Update\GoogleUpdate.exe [133104 2009-04-05] (Google Inc.) S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [133104 2009-04-05] (Google Inc.) S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182696 2014-08-11] (Oracle Corporation) S3 LBTServ; C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe [121360 2009-02-19] (Logitech, Inc.) 
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-07-22] (Mozilla Foundation) S3 NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [800040 2008-04-08] (Nero AG) S3 NetSvc; C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel(R) Corporation) [File not signed] S3 NMIndexingService; C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG) S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation) R2 PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed] R2 SDScannerService; C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.) S2 SDWSCService; C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 Skype C2C Service; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.) S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies) S3 SR_Service; C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe [110691 2006-04-09] (Check Point Software Technologies) [File not signed] S3 SR_WatchDog; C:\Programme\CheckPoint\SecuRemote\bin\SR_WatchDog.exe [36964 2006-04-09] (Check Point Software Technologies) [File not signed] R2 TeamViewer9; C:\Programme\TeamViewer\Version9\TeamViewer_Service.exe [5341536 2013-12-17] (TeamViewer GmbH) R2 TomTomHOMEService; C:\Programme\TomTom HOME 2\TomTomHOMEService.exe [93040 2014-06-05] (TomTom) S3 ufad-ws60; C:\Programme\VMware\VMware Player\vmware-ufad.exe [191024 2009-10-12] (VMware, Inc.) 
R2 VMAuthdService; C:\Programme\VMware\VMware Player\vmware-authd.exe [113200 2010-01-22] (VMware, Inc.) R2 VMnetDHCP; C:\WINDOWS\system32\vmnetdhcp.exe [334384 2010-01-22] (VMware, Inc.) R2 VMUSBArbService; C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe [563760 2010-01-22] (VMware, Inc.) R2 VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [395824 2010-01-22] (VMware, Inc.) R2 vpnagent; C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [493248 2009-10-09] (Cisco Systems, Inc.) S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation) R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [82380 2009-04-23] (Oak Technology Inc.) [File not signed] R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-04] () R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-04] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-04] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-04] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-04] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-04] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-04] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-04] () R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [329901 2006-06-07] (Broadcom Corporation.) [File not signed] S3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [30459 2006-06-07] (Broadcom Corporation.) 
[File not signed] R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [855018 2006-06-07] (Broadcom Corporation.) [File not signed] S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149028 2006-06-07] (Broadcom Corporation.) [File not signed] S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [47811 2006-06-07] (Broadcom Corporation.) [File not signed] S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67384 2006-06-07] (Broadcom Corporation.) [File not signed] S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R2 CP_OMDRV; C:\WINDOWS\System32\drivers\omdrv.sys [36400 2006-04-09] (Check Point Software Technologies) [File not signed] R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-09-08] (Sonic Solutions) [File not signed] R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions) [File not signed] R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-09-08] (Sonic Solutions) [File not signed] R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86524 2005-09-08] (Sonic Solutions) [File not signed] R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-09-08] (Sonic Solutions) [File not signed] R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-09-08] (Sonic Solutions) [File not signed] R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions) [File not signed] R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-09-08] (Sonic Solutions) [File not signed] R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-09-08] (Sonic Solutions) [File not signed] R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed] R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed] S3 f5ipfw; C:\WINDOWS\system32\drivers\urfltw2k.sys [11664 2013-09-17] (F5 Networks, Inc.) 
R3 FW1; C:\WINDOWS\System32\DRIVERS\fw.sys [2234320 2006-04-09] (Check Point Software Technologies) R2 hcmon; C:\WINDOWS\system32\drivers\hcmon.sys [32304 2010-01-22] (VMware, Inc.) S3 Jukebox3; C:\WINDOWS\System32\DRIVERS\ctpdusb.sys [16880 2004-09-30] (Creative Technology Ltd.) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) R3 Net6IM; C:\WINDOWS\System32\DRIVERS\net6im51.sys [46448 2007-07-13] (Citrix Systems, Inc.) R1 PQNTDrv; C:\WINDOWS\system32\Drivers\PQNTDrv.sys [4228 2002-09-16] (PowerQuest Corporation) [File not signed] R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.) R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation) R3 urvpndrv; C:\WINDOWS\System32\DRIVERS\covpndrv.sys [37456 2013-04-01] (F5 Networks, Inc.) R3 vmkbd; C:\WINDOWS\system32\drivers\VMkbd.sys [23216 2010-01-22] (VMware, Inc.) R3 VMnetAdapter; C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys [16560 2010-01-22] (VMware, Inc.) R2 VMnetBridge; C:\WINDOWS\System32\DRIVERS\vmnetbridge.sys [32688 2010-01-22] (VMware, Inc.) R2 VMnetuserif; C:\WINDOWS\system32\drivers\vmnetuserif.sys [26288 2010-01-22] (VMware, Inc.) R2 vmx86; C:\WINDOWS\system32\Drivers\vmx86.sys [854192 2010-01-22] (VMware, Inc.) R2 VNASC; C:\WINDOWS\System32\DRIVERS\vnasc.sys [109072 2006-04-09] (Check Point Software Technologies) R2 VPN-1; C:\WINDOWS\System32\drivers\vpn.sys [671472 2006-04-09] (Check Point Software Technologies) [File not signed] R2 vstor2-ws60; C:\Programme\VMware\VMware Player\vstor2-ws60.sys [22448 2009-10-12] (VMware, Inc.) 
S3 dsNcAdpt; system32\DRIVERS\dsNcAdpt.sys [X] S0 Lbd; system32\DRIVERS\Lbd.sys [X] S3 PalmUSBD; system32\drivers\PalmUSBD.sys [X] S1 SABKUTIL; \??\C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X] S3 SABProcEnum; \??\C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-19 21:28 - 2014-08-19 21:29 - 00030868 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\FRST.txt 2014-08-19 21:28 - 2014-08-19 21:28 - 00000000 ____D () C:\FRST 2014-08-19 21:27 - 2014-08-19 21:28 - 01093632 _____ (Farbar) C:\Dokumente und Einstellungen\Gerhard\Desktop\FRST.exe 2014-08-19 21:26 - 2014-08-19 21:27 - 00000248 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\defogger_enable.log 2014-08-19 21:26 - 2014-08-19 21:26 - 00000476 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\defogger_disable.log 2014-08-19 21:25 - 2014-08-19 21:25 - 00050477 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\Defogger.exe 2014-08-19 21:02 - 2014-08-19 21:02 - 01101648 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\HijackThis - CHIP-Installer.exe 2014-08-19 20:46 - 2014-08-19 20:46 - 00000000 ____D () C:\WINDOWS\Hewlett-Packard 2014-08-18 16:00 - 2014-08-19 20:46 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Lokale Einstellungen\Anwendungsdaten\Adobe 2014-08-13 19:55 - 2014-07-30 19:12 - 00454443 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140813-195521.backup 2014-08-11 12:16 - 2014-08-11 12:16 - 00000000 ____D () C:\Programme\Gemeinsame Dateien\Java 2014-08-11 12:15 - 2014-08-11 12:15 
- 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-08-11 12:15 - 2014-08-11 12:15 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-08-11 12:15 - 2014-08-11 12:15 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-08-11 12:15 - 2014-08-11 12:15 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2014-08-11 12:15 - 2014-08-11 12:15 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-08-11 12:15 - 2014-08-11 12:15 - 00000000 ____D () C:\Programme\Java 2014-08-11 12:15 - 2014-08-11 12:15 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java 2014-07-30 19:12 - 2014-07-29 19:54 - 00454441 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140730-191201.backup 2014-07-22 18:58 - 2014-07-22 18:58 - 00000000 ____D () C:\Programme\Mozilla Firefox ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-19 21:29 - 2014-08-19 21:28 - 00030868 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\FRST.txt 2014-08-19 21:29 - 2006-03-13 22:58 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Lokale Einstellungen\Temp 2014-08-19 21:28 - 2014-08-19 21:28 - 00000000 ____D () C:\FRST 2014-08-19 21:28 - 2014-08-19 21:27 - 01093632 _____ (Farbar) C:\Dokumente und Einstellungen\Gerhard\Desktop\FRST.exe 2014-08-19 21:27 - 2014-08-19 21:26 - 00000248 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\defogger_enable.log 2014-08-19 21:26 - 2014-08-19 21:26 - 00000476 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\defogger_disable.log 2014-08-19 21:26 - 2006-03-13 22:58 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard 2014-08-19 21:25 - 2014-08-19 21:25 - 00050477 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\Defogger.exe 2014-08-19 21:11 - 2009-06-24 22:06 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-19 21:02 - 2014-08-19 21:02 - 01101648 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\HijackThis - CHIP-Installer.exe 2014-08-19 20:49 - 2012-07-06 07:50 - 00000358 ____H () C:\WINDOWS\Tasks\avast! 
Emergency Update.job 2014-08-19 20:49 - 2012-03-30 17:49 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-08-19 20:49 - 2010-01-20 16:28 - 01572788 _____ () C:\WINDOWS\WindowsUpdate.log 2014-08-19 20:49 - 2008-02-01 11:06 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\VMware 2014-08-19 20:49 - 2008-02-01 11:05 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VMware 2014-08-19 20:49 - 2004-08-13 14:40 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-08-19 20:48 - 2014-05-02 19:37 - 00000636 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job 2014-08-19 20:48 - 2014-03-28 20:18 - 00000226 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job 2014-08-19 20:48 - 2010-03-14 20:11 - 00000274 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2999297034-267916414-2314848737-1005.job 2014-08-19 20:48 - 2010-01-20 16:33 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-08-19 20:48 - 2010-01-20 16:33 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-08-19 20:48 - 2009-06-24 22:06 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-19 20:47 - 2007-09-26 21:49 - 01627968 _____ () C:\WINDOWS\system32\ckpNotify.log 2014-08-19 20:47 - 2004-08-13 15:00 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-08-19 20:46 - 2014-08-19 20:46 - 00000000 ____D () C:\WINDOWS\Hewlett-Packard 2014-08-19 20:46 - 2014-08-18 16:00 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Lokale Einstellungen\Anwendungsdaten\Adobe 2014-08-19 20:46 - 2014-05-03 16:04 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HP 2014-08-19 20:46 - 2013-08-15 11:08 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-08-19 20:46 - 2006-03-14 03:14 - 00000000 ____D () C:\Programme\Palm 2014-08-19 20:46 - 2006-03-14 03:10 - 00000000 ____D () C:\Dokumente und 
Einstellungen\Gerhard\Startmenü\Programme\Palm 2014-08-19 20:46 - 2004-08-13 14:47 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart 2014-08-19 20:46 - 2004-08-13 14:47 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2014-08-19 20:46 - 2004-08-13 14:47 - 00000000 ____D () C:\Programme 2014-08-19 20:45 - 2012-11-20 07:44 - 00393216 _____ () C:\WINDOWS\system32\config\VPN.evt 2014-08-19 20:45 - 2010-01-20 16:33 - 00032600 _____ () C:\WINDOWS\SchedLgU.Txt 2014-08-19 20:28 - 2006-03-14 03:10 - 00001595 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\Palm Desktop.lnk 2014-08-19 20:23 - 2006-03-14 01:04 - 00000000 ____D () C:\Transfer 2014-08-18 16:27 - 2006-03-13 22:58 - 00000300 ___SH () C:\Dokumente und Einstellungen\Gerhard\ntuser.ini 2014-08-18 16:02 - 2009-10-30 14:03 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Lokale Einstellungen\Anwendungsdaten\FreePDF_XP 2014-08-18 16:02 - 2009-10-30 12:58 - 00015721 _____ () C:\fpRedmon.log 2014-08-18 13:23 - 2012-03-30 17:49 - 00699568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-08-18 13:23 - 2011-05-13 17:18 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-08-18 13:22 - 2014-05-03 16:04 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Anwendungsdaten\HpUpdate 2014-08-13 18:28 - 2006-03-13 23:24 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-08-11 19:18 - 2011-08-15 12:07 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Anwendungsdaten\Skype 2014-08-11 18:12 - 2012-11-17 15:35 - 00000276 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-08-11 12:16 - 2014-08-11 12:16 - 00000000 ____D () C:\Programme\Gemeinsame Dateien\Java 2014-08-11 12:15 - 2014-08-11 12:15 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-08-11 12:15 - 2014-08-11 12:15 - 00175528 _____ (Oracle Corporation) 
C:\WINDOWS\system32\javaw.exe 2014-08-11 12:15 - 2014-08-11 12:15 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-08-11 12:15 - 2014-08-11 12:15 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2014-08-11 12:15 - 2014-08-11 12:15 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-08-11 12:15 - 2014-08-11 12:15 - 00000000 ____D () C:\Programme\Java 2014-08-11 12:15 - 2014-08-11 12:15 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java 2014-08-10 13:21 - 2008-06-03 19:56 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Anwendungsdaten\Mp3tag 2014-08-09 18:35 - 2007-09-26 21:49 - 00000000 __SHD () C:\WINDOWS\CSC 2014-08-09 12:00 - 2014-02-23 19:49 - 00000718 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\calibre - E-book management.lnk 2014-08-09 12:00 - 2014-02-23 19:49 - 00000000 ____D () C:\Programme\Calibre2 2014-08-09 12:00 - 2014-02-23 19:49 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\calibre - E-book Management 2014-08-08 08:37 - 2011-08-15 12:07 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype 2014-08-07 12:43 - 2014-05-02 19:37 - 00000000 ____D () C:\Programme\Spybot - Search & Destroy 2 2014-08-04 08:25 - 2006-03-14 01:04 - 00000000 ____D () C:\Temp 2014-08-01 16:53 - 2010-03-14 20:11 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2999297034-267916414-2314848737-1005.job 2014-07-30 19:12 - 2014-08-13 19:55 - 00454443 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140813-195521.backup 2014-07-29 19:54 - 2014-07-30 19:12 - 00454441 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140730-191201.backup 2014-07-29 19:53 - 2006-03-14 04:21 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\SapWorkDir 2014-07-28 10:31 - 2008-06-12 17:32 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat 2014-07-25 07:26 - 2010-11-14 12:04 - 
00000000 ____D () C:\Programme\Microsoft Silverlight
2014-07-24 18:03 - 2010-11-14 12:04 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight
2014-07-23 18:19 - 2012-04-25 10:40 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service
2014-07-22 18:58 - 2014-07-22 18:58 - 00000000 ____D () C:\Programme\Mozilla Firefox
2014-07-21 17:53 - 2014-02-23 19:49 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Anwendungsdaten\calibre
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

When I click on the window, I only get the hourglass and the window title says "(Keine Rückmeldung)" (not responding). Is such a long run time normal? Thanks in advance for your support!

Unfortunately I could not find a function for editing my post.... After more than 1 hour of run time, here is the GMER log: GMER Logfile: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-08-20 00:23:24 Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 WDC_WD2500JS-75NCB1 rev.10.02E01 232,83GB Running: 5leezu75.exe; Driver: C:\DOKUME~1\GB63\LOKALE~1\Temp\fwldqpog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xB058FBA6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xB0590684] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xB05D4D80] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xB059C6F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xB059C744] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xB059C8DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xB05D4734] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xB059C666] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xB059C788] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xB059C6AE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xB0590BBA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xB059C898] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xB0591472] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xB058FC0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xB05D5446] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xB05D56FC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xB0594C68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xB05D52B1] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xB05D511C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xB058F7F8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xB0905ED0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xB058FC72] SSDT \SystemRoot\system32\drivers\aswSnx.sys 
ZwNotifyChangeKey [0xB059505E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xB0591F5A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xB059C722] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xB059C766] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xB059C902] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xB05D4A90] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xB059C68C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xB0594560] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xB059C816] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xB059C6D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xB059494C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xB059C8BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xB0905C6E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xB05D4F97] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xB0591DCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xB05D4DE9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xB0591924] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xB0913E1A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xB05D3D77] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xB058FCD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xB058FD3E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xB05912EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xB058F892] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xB058FA64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xB05D554D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xB058F9F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xB059163C] SSDT 
\SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xB059179E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xB058FAEC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xB059112A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xB05912CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xB058FDA4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xB05906E0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2E0C 805046F4 2 Bytes [F8, F7] .text ntkrnlpa.exe!ZwCallbackReturn + 2F4C 80504834 4 Bytes [E9, 4D, 5D, B0] .text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [D8, FC, 58, B0, 3E, FD, 58, ...] {FDIVR ST0, ST4; POP EAX; MOV AL, 0x3e; STD ; POP EAX; MOV AL, 0xec; ADC BL, [ECX-0x50]} .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [3C, 16, 59, B0, 9E, 17, 59, ...] PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL B059262B \SystemRoot\system32\drivers\aswSnx.sys ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\Alwil Software\Avast5\AvastUI.exe[400] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Alwil Software\Avast5\AvastUI.exe[400] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] 
{XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Programme\Alwil Software\Avast5\AvastUI.exe[400] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[444] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[444] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[536] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[536] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe[612] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe[612] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[628] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[628] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[828] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[828] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe[848] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe[848] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\Java\jre7\bin\jqs.exe[852] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Java\jre7\bin\jqs.exe[852] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\Alwil 
Software\Avast5\AvastSvc.exe[928] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Alwil Software\Avast5\AvastSvc.exe[928] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Programme\Alwil Software\Avast5\AvastSvc.exe[928] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\IoctlSvc.exe[1004] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\IoctlSvc.exe[1004] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1076] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1076] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[1276] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[1276] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[1288] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[1308] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\RunDll32.exe[1336] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\RunDll32.exe[1336] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[1356] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[1356] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\SYSTEM32\winlogon.exe[1384] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\SYSTEM32\winlogon.exe[1384] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text 
C:\WINDOWS\system32\services.exe[1428] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1428] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1440] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1440] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1672] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1672] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1740] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1740] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1772] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1772] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\Hp\HP Software Update\HPWuSchd2.exe[1920] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Hp\HP Software Update\HPWuSchd2.exe[1920] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1984] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1984] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2028] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2028] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\Windows Desktop Search\WindowsSearch.exe[2040] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Windows Desktop Search\WindowsSearch.exe[2040] 
kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2072] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2072] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2132] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2132] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2200] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\TeamViewer\Version9\TeamViewer_Service.exe[2236] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\TeamViewer\Version9\TeamViewer_Service.exe[2236] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\Palm\Hotsync.exe[2332] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Palm\Hotsync.exe[2332] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!??2@YAPAXI@Z 77BF9CC5 5 Bytes JMP 0A93C080 C:\Programme\Palm\SHW32.DLL .text C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!??3@YAXPAX@Z 77BF9CDD 5 Bytes JMP 0A93C0E0 C:\Programme\Palm\SHW32.DLL .text C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77BF9D9F 5 Bytes JMP 0A93C110 C:\Programme\Palm\SHW32.DLL .text C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_aligned_offset_malloc 77BF9DAF 5 Bytes JMP 0A93BFE0 C:\Programme\Palm\SHW32.DLL .text C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_aligned_free 77BF9E33 5 Bytes JMP 0A93C0E0 C:\Programme\Palm\SHW32.DLL .text C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_aligned_malloc 77BF9E52 5 Bytes JMP 0A93BFC0 
C:\Programme\Palm\SHW32.DLL .text C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_aligned_offset_realloc 77BF9E6E 5 Bytes JMP 0A93C020 C:\Programme\Palm\SHW32.DLL .text C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_aligned_realloc 77BF9FC6 5 Bytes JMP 0A93C000 C:\Programme\Palm\SHW32.DLL .text C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_expand 77BF9FE5 5 Bytes JMP 0A93BFA0 C:\Programme\Palm\SHW32.DLL .text C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_heapadd 77BFBC9F 5 Bytes JMP 0A93C160 C:\Programme\Palm\SHW32.DLL .text C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_heapchk 77BFBCB3 5 Bytes JMP 0A93C170 C:\Programme\Palm\SHW32.DLL .text C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_heapset + 1 77BFBD83 4 Bytes JMP 0A93C191 C:\Programme\Palm\SHW32.DLL .text C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_heapmin 77BFBD8C 5 Bytes JMP 0A93C260 C:\Programme\Palm\SHW32.DLL .text C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_heapused 77BFBE3A 5 Bytes JMP 0A93C230 C:\Programme\Palm\SHW32.DLL .text C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_heapwalk 77BFBE4D 5 Bytes JMP 0A93C1A0 C:\Programme\Palm\SHW32.DLL .text C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_msize 77BFBF6C 5 Bytes JMP 0A93BEB0 C:\Programme\Palm\SHW32.DLL .text C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!calloc 77BFC0C3 5 Bytes JMP 0A93BE50 C:\Programme\Palm\SHW32.DLL .text C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!free 77BFC21B 5 Bytes JMP 0A93C0E0 C:\Programme\Palm\SHW32.DLL .text C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!malloc 77BFC407 5 Bytes JMP 0A93BE10 C:\Programme\Palm\SHW32.DLL .text C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!realloc 77BFC437 5 Bytes JMP 0A93BE90 C:\Programme\Palm\SHW32.DLL .text C:\Programme\TomTom HOME 2\TomTomHOMEService.exe[2336] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\TomTom HOME 2\TomTomHOMEService.exe[2336] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\Common 
Files\VMware\USB\vmware-usbarbitrator.exe[2376] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe[2376] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE[2476] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE[2476] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\vmnat.exe[2524] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\vmnat.exe[2524] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\SearchIndexer.exe[2556] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\SearchIndexer.exe[2556] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL .text C:\WINDOWS\system32\SearchIndexer.exe[2556] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\VMware\VMware Player\vmware-authd.exe[2672] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\VMware\VMware Player\vmware-authd.exe[2672] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\Belkin\Bluetooth Software\BTTray.exe[2860] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Belkin\Bluetooth Software\BTTray.exe[2860] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2872] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2872] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\vmnetdhcp.exe[3020] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\vmnetdhcp.exe[3020] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\stsystra.exe[3408] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] 
.text C:\WINDOWS\stsystra.exe[3408] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[3432] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[3432] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3480] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3480] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[3576] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[3576] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3788] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3788] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\Logitech\SetPoint\SetPoint.exe[3860] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Logitech\SetPoint\SetPoint.exe[3860] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3868] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3868] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\FreePDF_XP\fpassist.exe[3916] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\FreePDF_XP\fpassist.exe[3916] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\VMware\VMware Player\hqtray.exe[3996] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\VMware\VMware Player\hqtray.exe[3996] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[4016] 
ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[4016] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe[4028] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe[4028] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Dokumente und Einstellungen\Gerhard\Desktop\5leezu75.exe[5432] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Dokumente und Einstellungen\Gerhard\Desktop\5leezu75.exe[5432] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys Device \Driver\usbehci \Device\USBPDO-0 hcmon.sys Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys Device \Driver\usbuhci \Device\USBPDO-2 hcmon.sys Device \Driver\usbuhci \Device\USBPDO-3 hcmon.sys Device \Driver\usbuhci \Device\USBPDO-4 hcmon.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys Device \Driver\usbhub \Device\USBPDO-6 ctxusbm.sys Device \Driver\usbhub \Device\USBPDO-6 hcmon.sys Device \Driver\usbhub \Device\USBPDO-7 ctxusbm.sys Device \Driver\usbhub \Device\USBPDO-7 hcmon.sys Device \Driver\usbhub \Device\00000078 ctxusbm.sys Device \Driver\usbhub \Device\00000078 hcmon.sys Device \Driver\usbhub \Device\00000079 ctxusbm.sys Device \Driver\usbhub \Device\00000079 hcmon.sys AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys Device \Driver\usbhub \Device\0000007a ctxusbm.sys Device \Driver\usbhub \Device\0000007a hcmon.sys Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys Device \Driver\usbhub \Device\0000007b ctxusbm.sys Device \Driver\usbhub \Device\0000007b hcmon.sys Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys Device 
\Driver\usbhub \Device\0000007c ctxusbm.sys
Device \Driver\usbhub \Device\0000007c hcmon.sys
Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys
Device \FileSystem\Fastfat \Fat AC55ED20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----

Something is definitely odd here.... After installing and running these 3 programs for the logs (I aborted FRST because there was no response after 1 hour), I restarted my PC. That now takes FOREVER and I have a permanent CPU load of over 50 % !!!! What has happened now? Booting my PC, up to the point where you are logged in and the mouse responds, also suddenly takes FOREVER (approx. 10 minutes)! That can't be normal... :-(( |
20.08.2014, 00:39 | #2 |
Rest in peace † 2019 | Windows XP Avast: Win32:Evo-gen [Susp] My name is Sandra and I will be helping you with your problem.

Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster way and, in the case of a malware infection, always the safest one. Adware can be removed without problems in the vast majority of cases. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

No, that is not normal; I think GMER changed a setting on you there. Let's check that first.

Step 1
Press the + R key, type "notepad" into the Run window and press OK. Now copy the following text from the code box into the empty text document: Code:
>checkDMA.txt 2>&1 (
reg query "HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0"
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}" /s
)
notepad checkDMA.txt
|
20.08.2014, 00:52 | #3 |
| Windows XP Avast: Win32:Evo-gen [Susp] Hello Sandra!
Nice to hear from you ;-) Here is the first result: Code:
ATTFilter ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0 DMAEnabled REG_DWORD 0x3 Driver REG_SZ atapi HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0 ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318} Class REG_SZ hdc <NO NAME> REG_SZ IDE ATA/ATAPI-Controller Icon REG_SZ -9 Installer32 REG_SZ SysSetup.Dll,HdcClassInstaller TroubleShooter-0 REG_SZ hcp://help/tshoot/tsdrive.htm HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0003 InfPath REG_SZ oem4.inf InfSection REG_SZ intelide ProviderName REG_SZ Intel DriverDateData REG_BINARY 000092D1B9FDC401 DriverDate REG_SZ 1-19-2005 DriverVersion REG_SZ 7.0.0.1014 MatchingDeviceId REG_SZ pci\ven_8086&dev_27c0 DriverDesc REG_SZ Intel(R) 82801GB Serial ATA Storage Controllers - 27C0 MasterOnMask REG_DWORD 0x80 MasterOnConfigOffset REG_DWORD 0x41 SlaveOnMask REG_DWORD 0x80 SlaveOnConfigOffset REG_DWORD 0x43 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0004 InfPath REG_SZ oem4.inf InfSection REG_SZ intelide ProviderName REG_SZ Intel DriverDateData REG_BINARY 000092D1B9FDC401 DriverDate REG_SZ 1-19-2005 DriverVersion REG_SZ 7.0.0.1014 MatchingDeviceId REG_SZ pci\ven_8086&dev_27df DriverDesc REG_SZ Intel(R) 82801GB Ultra ATA Storage Controllers - 27DF MasterOnMask REG_DWORD 0x80 MasterOnConfigOffset REG_DWORD 0x41 SlaveOnMask REG_DWORD 0x80 SlaveOnConfigOffset REG_DWORD 0x43 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0005 EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider InfPath REG_SZ mshdc.inf InfSection REG_SZ atapi_Inst_primary ProviderName REG_SZ Microsoft DriverDateData REG_BINARY 008062C5C001C101 DriverDate REG_SZ 7-1-2001 DriverVersion REG_SZ 5.1.2600.2180 MatchingDeviceId REG_SZ primary_ide_channel DriverDesc REG_SZ Primärer IDE-Kanal 
MasterDeviceType REG_DWORD 0x1 SlaveDeviceType REG_DWORD 0x0 SlaveDeviceDetectionTimeout REG_DWORD 0x1 MasterDeviceTimingMode REG_DWORD 0x10 MasterDeviceTimingModeAllowed REG_DWORD 0x1f MasterIdDataCheckSum REG_DWORD 0x1e84e SlaveDeviceTimingMode REG_DWORD 0x0 UserMasterDeviceTimingModeAllowed REG_DWORD 0xffffffff SlaveDeviceTimingModeAllowed REG_DWORD 0xffffffff UserSlaveDeviceTimingModeAllowed REG_DWORD 0xffffffff HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0006 EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider InfPath REG_SZ mshdc.inf InfSection REG_SZ atapi_Inst_secondary ProviderName REG_SZ Microsoft DriverDateData REG_BINARY 008062C5C001C101 DriverDate REG_SZ 7-1-2001 DriverVersion REG_SZ 5.1.2600.2180 MatchingDeviceId REG_SZ secondary_ide_channel DriverDesc REG_SZ Sekundärer IDE-Kanal MasterDeviceType REG_DWORD 0x0 SlaveDeviceType REG_DWORD 0x0 MasterDeviceTimingMode REG_DWORD 0x0 SlaveDeviceTimingMode REG_DWORD 0x0 MasterDeviceTimingModeAllowed REG_DWORD 0xffffffff UserMasterDeviceTimingModeAllowed REG_DWORD 0xffffffff SlaveDeviceTimingModeAllowed REG_DWORD 0xffffffff UserSlaveDeviceTimingModeAllowed REG_DWORD 0xffffffff HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0007 EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider InfPath REG_SZ mshdc.inf InfSection REG_SZ atapi_Inst_primary ProviderName REG_SZ Microsoft DriverDateData REG_BINARY 008062C5C001C101 DriverDate REG_SZ 7-1-2001 DriverVersion REG_SZ 5.1.2600.2180 MatchingDeviceId REG_SZ primary_ide_channel DriverDesc REG_SZ Primärer IDE-Kanal MasterDeviceType REG_DWORD 0x2 SlaveDeviceType REG_DWORD 0x2 MasterDeviceTimingMode REG_DWORD 0x2010 MasterDeviceTimingModeAllowed REG_DWORD 0xffffffff MasterIdDataCheckSum REG_DWORD 0x1d092 SlaveDeviceTimingMode REG_DWORD 0x2010 SlaveDeviceTimingModeAllowed REG_DWORD 0xffffffff SlaveIdDataCheckSum REG_DWORD 0xc69f UserMasterDeviceTimingModeAllowed 
REG_DWORD 0xffffffff UserSlaveDeviceTimingModeAllowed REG_DWORD 0xffffffff HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties Error: Access is denied in the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties |
20.08.2014, 01:01 | #4 |
Rest in Peace † 2019 | Windows XP Avast: Win32:Evo-gen [Susp] OK, now please do the following and report back to me how the computer behaves. Step 1 Reset the HDD controller driver after a scan with GMER (original website, and with the kind permission of Hans-Georg Michna)
|
20.08.2014, 01:11 | #5 |
| Windows XP Avast: Win32:Evo-gen [Susp] Hi Sandra, well, this collaboration is off to a very positive start! :-)) Windows is much faster at booting again! Only logging in still takes somewhat longer - but overall MUCH FASTER than lately! T H A N K S !!! And now? Best regards |
20.08.2014, 01:18 | #6 |
Rest in Peace † 2019 | Windows XP Avast: Win32:Evo-gen [Susp] That's nice. Is the Palm file in Avast's quarantine now? Please try once more to create a log with FRST; delete FRST and download it again. I'm going to get some sleep first and will get back to you here by this evening at the latest.
|
20.08.2014, 06:32 | #7 |
| Windows XP Avast: Win32:Evo-gen [Susp] 1. I restored the file register.exe from quarantine, since it cannot be a virus! Avast also flagged this file as infected directly from the installation CD - that cannot be right. Nevertheless, I believe there is a virus on my computer... 2. I downloaded FRST again and ran it - but it again hangs in the window with "not responding" at the point "Processing Files: Extra check...". I also see no active process for it in Task Manager. How long does such a scan run in the "normal case"? Or should I simply be more patient and a result will come at some point? But I also hear no activity on the hard disk.... 3. Here is the new FRST file now FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-08-2014 Ran by gb63 (administrator) on GB-HOME on 20-08-2014 02:23:52 Running from C:\Dokumente und Einstellungen\GB63\Desktop Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Cisco Systems, Inc.) C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (AVAST Software) C:\Programme\Alwil Software\Avast5\AvastSvc.exe (Broadcom Corporation.) C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe (Prolific Technology Inc.) C:\WINDOWS\system32\IoctlSvc.exe (Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (SigmaTel, Inc.) C:\WINDOWS\stsystra.exe (InstallShield Software Corporation) C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Hewlett-Packard) C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (shbox.de) C:\Programme\FreePDF_XP\fpassist.exe (VMware, Inc.) C:\Programme\VMware\VMware Player\hqtray.exe (RealNetworks, Inc.) C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (Sony Corporation) C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe () C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe (AVAST Software) C:\Programme\Alwil Software\Avast5\avastui.exe (Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Programme\HP\HP Software Update\hpwuschd2.exe (Skype Technologies S.A.) 
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Broadcom Corporation.) C:\Programme\Belkin\Bluetooth Software\BTTray.exe (PalmSource, Inc) C:\Programme\Palm\Hotsync.exe (Logitech, Inc.) C:\Programme\Logitech\SetPoint\SetPoint.exe (TeamViewer GmbH) C:\Programme\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corporation) C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (TomTom) C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (VMware, Inc.) C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (Logitech, Inc.) C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (VMware, Inc.) C:\WINDOWS\system32\vmnat.exe (VMware, Inc.) C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) C:\WINDOWS\system32\vmnetdhcp.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Programme\Mozilla Firefox\plugin-container.exe (Microsoft Corporation) C:\Programme\Windows Desktop Search\WindowsSearch.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [339968 2005-03-23] (SigmaTel, Inc.) HKLM\...\Run: [ATIPTA] => C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-08-05] (ATI Technologies, Inc.) 
HKLM\...\Run: [ISUSScheduler] => C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation) HKLM\...\Run: [NeroFilterCheck] => C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG) HKLM\...\Run: [Share-to-Web Namespace Daemon] => C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [69632 2002-04-17] (Hewlett-Packard) HKLM\...\Run: [FreePDF Assistant] => C:\Programme\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [76304 2008-12-19] (Logitech, Inc.) HKLM\...\Run: [VMware hqtray] => C:\Programme\VMware\VMware Player\hqtray.exe [64048 2010-01-22] (VMware, Inc.) HKLM\...\Run: [TkBellExe] => C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [202256 2010-03-14] (RealNetworks, Inc.) HKLM\...\Run: [ContentTransferWMDetector.exe] => C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-19] (Sony Corporation) HKLM\...\Run: [APSDaemon] => C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM\...\Run: [AvastUI.exe] => C:\Programme\Alwil Software\Avast5\AvastUI.exe [4085896 2014-07-31] (AVAST Software) HKLM\...\Run: [QuickTime Task] => C:\Programme\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Run: [Adobe ARM] => C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM\...\Run: [SDTray] => C:\Programme\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.) 
HKLM\...\Run: [SunJavaUpdateSched] => C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM\...\Run: [HP Software Update] => C:\Programme\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM\...\Run: [] => [X] Winlogon\Notify\ckpNotify: C:\WINDOWS\SYSTEM32\ckpNotify.dll (Check Point Software Technologies) Winlogon\Notify\LBTWlgn: c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [NoCDBurning] 0 Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk ShortcutTarget: BTTray.lnk -> C:\Programme\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HotSync.lnk ShortcutTarget: HotSync.lnk -> C:\Programme\Palm\Hotsync.exe (PalmSource, Inc) Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HOTSYNCSHORTCUTNAME.lnk ShortcutTarget: HOTSYNCSHORTCUTNAME.lnk -> C:\Programme\Palm\Hotsync.exe (PalmSource, Inc) Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk ShortcutTarget: Logitech SetPoint.lnk -> C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) 
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk ShortcutTarget: Windows Search.lnk -> C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) Startup: C:\Dokumente und Einstellungen\Gerhard\Startmenü\Programme\Autostart\Microsoft Outlook.lnk ShortcutTarget: Microsoft Outlook.lnk -> C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation) Startup: C:\Dokumente und Einstellungen\Gerhard\Startmenü\Programme\Autostart\Tintenwarnungen überwachen - HP Photosmart 5520 series.lnk ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart 5520 series.lnk -> C:\Programme\HP\HP Photosmart 5520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programme\Alwil Software\Avast5\ashShell.dll (AVAST Software) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.search.msn.com SearchScopes: HKCU - {D3779843-5AAF-4907-98F1-01BC045E878C} URL = hxxp://www.google.de/search?q={searchTerms} BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Programme\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation) BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: IEExtension.VDownloaderBHO -> {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -> C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) BHO: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> No File BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation) Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} hxxp://www.musicnotes.com/download/mnviewer.cab DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} 
hxxp://downloads.ewido.net/ewidoOnlineScan.cab DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} hxxp://viesh-win0032.pdrive.local/CitrixSessionInit/ICAWEB/de/ica32/wficat.cab DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://mas.voestalpine.com/vdesk/terminal/urxvpn.cab#version=7000,2013,918,512 DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://mas.voestalpine.com/vdesk/terminal/f5tunsrv.cab#version=7000,2013,426,1901 DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://mas.voestalpine.com/vdesk/terminal/InstallerControl.cab#version=7000,2013,0426,1915 DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://mas.voestalpine.com/vdesk/terminal/f5InspectionHost.cab#version=7000,2013,0426,1847 DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} https://mas.voestalpine.com/vdesk/terminal/urTermProxy.cab#version=6020,2009,0312,0403 DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} https://citrix.pdrive.com/net6helper.cab DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} https://mas.voestalpine.com/vdesk/terminal/vdeskctrl.cab#Version=7000,2013,0426,1859 DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://mas.voestalpine.com/vdesk/terminal/urxshost.cab#version=7000,2013,426,1858 DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://engine.netanday.it/ajax_webcam/codec/AMC.cab DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://mas.voestalpine.com/vdesk/terminal/urxhost.cab#version=7000,2013,426,1913 DPF: 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} https://mas.voestalpine.com/policy/download_binary.php/win32/f5syschk.cab#Version=7000,2013,0426,1901 DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ras-eu.besi.com/dana-cached/sc/JuniperSetupClient.cab Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\programme\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf) Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\programme\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21 FireFox: ======== FF ProfilePath: C:\Dokumente und Einstellungen\Gerhard\Anwendungsdaten\Mozilla\Firefox\Profiles\llybtok0.default-1408492564937 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin: @Citrix.com/npican -> C:\Programme\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.) FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) 
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Programme\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Programme\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF Plugin: @real.com/nppl3260;version=6.0.12.709 -> c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.3.709 -> c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.709 -> c:\programme\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: vitzo.com/VDownloader -> C:\Programme\VDownloader\Addons\npVDownloader.dll No File FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\confmgr.dll () FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\ctxlogging.dll () FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\msvcm80.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\msvcp80.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\msvcr80.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npicaN.dll () FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.) FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Skype Click to Call - C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-22] FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-22] FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-07-22] FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-07-22] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-18] FF HKLM\...\Firefox\Extensions: [support@vdownloader.com] - C:\Programme\VDownloader\Addons\FireFox FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Programme\Alwil Software\Avast5\WebRep\FF FF Extension: avast! 
Online Security - C:\Programme\Alwil Software\Avast5\WebRep\FF [2011-04-24] Chrome: ======= CHR HKLM\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Programme\VDownloader\Addons\Chrome.crx [] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Programme\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-07-04] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Programme\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-04] (AVAST Software) R2 btwdins; C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe [266295 2006-06-07] (Broadcom Corporation.) [File not signed] S2 gupdate1c9b5f28f2902f4; C:\Programme\Google\Update\GoogleUpdate.exe [133104 2009-04-05] (Google Inc.) S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [133104 2009-04-05] (Google Inc.) S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S3 LBTServ; C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe [121360 2009-02-19] (Logitech, Inc.) S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-07-22] (Mozilla Foundation) S3 NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [800040 2008-04-08] (Nero AG) S3 NetSvc; C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel(R) Corporation) [File not signed] S3 NMIndexingService; C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG) S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation) R2 PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) 
[File not signed] R2 SDScannerService; C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.) S2 SDWSCService; C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 Skype C2C Service; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.) S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies) S3 SR_Service; C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe [110691 2006-04-09] (Check Point Software Technologies) [File not signed] S3 SR_WatchDog; C:\Programme\CheckPoint\SecuRemote\bin\SR_WatchDog.exe [36964 2006-04-09] (Check Point Software Technologies) [File not signed] R2 TeamViewer9; C:\Programme\TeamViewer\Version9\TeamViewer_Service.exe [5341536 2013-12-17] (TeamViewer GmbH) R2 TomTomHOMEService; C:\Programme\TomTom HOME 2\TomTomHOMEService.exe [93040 2014-06-05] (TomTom) S3 ufad-ws60; C:\Programme\VMware\VMware Player\vmware-ufad.exe [191024 2009-10-12] (VMware, Inc.) R2 VMAuthdService; C:\Programme\VMware\VMware Player\vmware-authd.exe [113200 2010-01-22] (VMware, Inc.) R2 VMnetDHCP; C:\WINDOWS\system32\vmnetdhcp.exe [334384 2010-01-22] (VMware, Inc.) R2 VMUSBArbService; C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe [563760 2010-01-22] (VMware, Inc.) R2 VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [395824 2010-01-22] (VMware, Inc.) R2 vpnagent; C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [493248 2009-10-09] (Cisco Systems, Inc.) 
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation) R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [82380 2009-04-23] (Oak Technology Inc.) [File not signed] R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-04] () R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-04] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-04] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-04] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-04] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-04] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-04] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-04] () R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [329901 2006-06-07] (Broadcom Corporation.) [File not signed] S3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [30459 2006-06-07] (Broadcom Corporation.) [File not signed] R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [855018 2006-06-07] (Broadcom Corporation.) [File not signed] S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149028 2006-06-07] (Broadcom Corporation.) [File not signed] S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [47811 2006-06-07] (Broadcom Corporation.) [File not signed] S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67384 2006-06-07] (Broadcom Corporation.) 
[File not signed] S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R2 CP_OMDRV; C:\WINDOWS\System32\drivers\omdrv.sys [36400 2006-04-09] (Check Point Software Technologies) [File not signed] R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-09-08] (Sonic Solutions) [File not signed] R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions) [File not signed] R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-09-08] (Sonic Solutions) [File not signed] R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86524 2005-09-08] (Sonic Solutions) [File not signed] R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-09-08] (Sonic Solutions) [File not signed] R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-09-08] (Sonic Solutions) [File not signed] R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions) [File not signed] R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-09-08] (Sonic Solutions) [File not signed] R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-09-08] (Sonic Solutions) [File not signed] R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed] R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed] S3 f5ipfw; C:\WINDOWS\system32\drivers\urfltw2k.sys [11664 2013-09-17] (F5 Networks, Inc.) R3 FW1; C:\WINDOWS\System32\DRIVERS\fw.sys [2234320 2006-04-09] (Check Point Software Technologies) R2 hcmon; C:\WINDOWS\system32\drivers\hcmon.sys [32304 2010-01-22] (VMware, Inc.) S3 Jukebox3; C:\WINDOWS\System32\DRIVERS\ctpdusb.sys [16880 2004-09-30] (Creative Technology Ltd.) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) R3 Net6IM; C:\WINDOWS\System32\DRIVERS\net6im51.sys [46448 2007-07-13] (Citrix Systems, Inc.) 
R1 PQNTDrv; C:\WINDOWS\system32\Drivers\PQNTDrv.sys [4228 2002-09-16] (PowerQuest Corporation) [File not signed] R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.) R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation) R3 urvpndrv; C:\WINDOWS\System32\DRIVERS\covpndrv.sys [37456 2013-04-01] (F5 Networks, Inc.) R3 vmkbd; C:\WINDOWS\system32\drivers\VMkbd.sys [23216 2010-01-22] (VMware, Inc.) R3 VMnetAdapter; C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys [16560 2010-01-22] (VMware, Inc.) R2 VMnetBridge; C:\WINDOWS\System32\DRIVERS\vmnetbridge.sys [32688 2010-01-22] (VMware, Inc.) R2 VMnetuserif; C:\WINDOWS\system32\drivers\vmnetuserif.sys [26288 2010-01-22] (VMware, Inc.) R2 vmx86; C:\WINDOWS\system32\Drivers\vmx86.sys [854192 2010-01-22] (VMware, Inc.) R2 VNASC; C:\WINDOWS\System32\DRIVERS\vnasc.sys [109072 2006-04-09] (Check Point Software Technologies) R2 VPN-1; C:\WINDOWS\System32\drivers\vpn.sys [671472 2006-04-09] (Check Point Software Technologies) [File not signed] R2 vstor2-ws60; C:\Programme\VMware\VMware Player\vstor2-ws60.sys [22448 2009-10-12] (VMware, Inc.) S3 dsNcAdpt; system32\DRIVERS\dsNcAdpt.sys [X] S0 Lbd; system32\DRIVERS\Lbd.sys [X] S3 PalmUSBD; system32\drivers\PalmUSBD.sys [X] S1 SABKUTIL; \??\C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X] S3 SABProcEnum; \??\C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-20 02:23 - 2014-08-20 02:24 - 00032254 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\FRST.txt 2014-08-20 02:22 - 2014-08-20 02:22 - 01093632 _____ (Farbar) C:\Dokumente und Einstellungen\Gerhard\Desktop\FRST.exe 2014-08-20 02:02 - 2014-08-20 02:03 - 00003083 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\resetdma.vbs 2014-08-20 01:51 - 2014-08-20 01:51 - 00004758 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\checkDMA.txt 2014-08-20 01:51 - 2014-08-20 01:51 - 00000198 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\batch.bat 2014-08-20 01:28 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll 2014-08-20 01:26 - 2014-08-20 01:26 - 01361671 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\adwcleaner_3.307.exe 2014-08-20 00:48 - 2014-08-20 00:48 - 00000000 ____D () C:\WINDOWS\Hewlett-Packard 2014-08-20 00:23 - 2014-08-20 00:23 - 00043989 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\Gmer.log 2014-08-19 21:44 - 2014-08-19 21:44 - 00380416 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\5leezu75.exe 2014-08-19 21:28 - 2014-08-20 02:23 - 00000000 ____D () C:\FRST 2014-08-19 21:26 - 2014-08-19 21:27 - 00000248 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\defogger_enable.log 2014-08-19 21:26 - 2014-08-19 21:26 - 00000476 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\defogger_disable.log 2014-08-19 21:25 - 2014-08-19 21:25 - 00050477 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\Defogger.exe 2014-08-19 21:02 - 2014-08-19 21:02 - 01101648 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\HijackThis - CHIP-Installer.exe 2014-08-18 16:00 - 2014-08-20 00:48 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Lokale Einstellungen\Anwendungsdaten\Adobe 2014-08-13 19:55 - 2014-07-30 19:12 - 00454443 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140813-195521.backup 2014-08-11 12:16 - 2014-08-11 12:16 - 00000000 ____D () 
C:\Programme\Gemeinsame Dateien\Java 2014-08-11 12:15 - 2014-08-11 12:15 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-08-11 12:15 - 2014-08-11 12:15 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-08-11 12:15 - 2014-08-11 12:15 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-08-11 12:15 - 2014-08-11 12:15 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2014-08-11 12:15 - 2014-08-11 12:15 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-08-11 12:15 - 2014-08-11 12:15 - 00000000 ____D () C:\Programme\Java 2014-08-11 12:15 - 2014-08-11 12:15 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java 2014-07-30 19:12 - 2014-07-29 19:54 - 00454441 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140730-191201.backup 2014-07-22 18:58 - 2014-07-22 18:58 - 00000000 ____D () C:\Programme\Mozilla Firefox ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-20 02:24 - 2014-08-20 02:23 - 00032254 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\FRST.txt 2014-08-20 02:24 - 2006-03-13 22:58 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Lokale Einstellungen\Temp 2014-08-20 02:23 - 2014-08-19 21:28 - 00000000 ____D () C:\FRST 2014-08-20 02:22 - 2014-08-20 02:22 - 01093632 _____ (Farbar) C:\Dokumente und Einstellungen\Gerhard\Desktop\FRST.exe 2014-08-20 02:12 - 2012-07-06 07:50 - 00000358 ____H () C:\WINDOWS\Tasks\avast! 
Emergency Update.job 2014-08-20 02:11 - 2009-06-24 22:06 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-20 02:08 - 2010-01-20 16:28 - 01588625 _____ () C:\WINDOWS\WindowsUpdate.log 2014-08-20 02:07 - 2008-02-01 11:06 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\VMware 2014-08-20 02:07 - 2008-02-01 11:05 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VMware 2014-08-20 02:07 - 2004-08-13 14:40 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-08-20 02:06 - 2014-05-02 19:37 - 00000636 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job 2014-08-20 02:06 - 2014-03-28 20:18 - 00000226 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job 2014-08-20 02:06 - 2010-03-14 20:11 - 00000274 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2999297034-267916414-2314848737-1005.job 2014-08-20 02:06 - 2010-01-20 16:33 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-08-20 02:06 - 2010-01-20 16:33 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-08-20 02:06 - 2009-06-24 22:06 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-20 02:05 - 2007-09-26 21:49 - 01629876 _____ () C:\WINDOWS\system32\ckpNotify.log 2014-08-20 02:05 - 2004-08-13 15:00 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-08-20 02:04 - 2012-11-20 07:44 - 00393216 _____ () C:\WINDOWS\system32\config\VPN.evt 2014-08-20 02:04 - 2010-01-20 16:33 - 00032570 _____ () C:\WINDOWS\SchedLgU.Txt 2014-08-20 02:04 - 2006-03-13 22:58 - 00000300 ___SH () C:\Dokumente und Einstellungen\Gerhard\ntuser.ini 2014-08-20 02:03 - 2014-08-20 02:02 - 00003083 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\resetdma.vbs 2014-08-20 01:51 - 2014-08-20 01:51 - 00004758 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\checkDMA.txt 2014-08-20 01:51 - 2014-08-20 01:51 - 00000198 _____ () C:\Dokumente und 
Einstellungen\Gerhard\Desktop\batch.bat 2014-08-20 01:48 - 2012-03-30 17:49 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-08-20 01:44 - 2006-03-13 22:58 - 00000000 ___RD () C:\Dokumente und Einstellungen\Gerhard\Startmenü\Programme\Autostart 2014-08-20 01:32 - 2014-02-21 21:27 - 00000000 ____D () C:\AdwCleaner 2014-08-20 01:32 - 2006-03-13 22:58 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard 2014-08-20 01:26 - 2014-08-20 01:26 - 01361671 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\adwcleaner_3.307.exe 2014-08-20 00:49 - 2006-03-14 03:14 - 00000000 ____D () C:\Programme\Palm 2014-08-20 00:49 - 2006-03-14 03:10 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Startmenü\Programme\Palm 2014-08-20 00:49 - 2004-08-13 14:47 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2014-08-20 00:48 - 2014-08-20 00:48 - 00000000 ____D () C:\WINDOWS\Hewlett-Packard 2014-08-20 00:48 - 2014-08-18 16:00 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Lokale Einstellungen\Anwendungsdaten\Adobe 2014-08-20 00:48 - 2014-05-03 16:04 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HP 2014-08-20 00:48 - 2013-08-15 11:08 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-08-20 00:48 - 2004-08-13 14:47 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart 2014-08-20 00:48 - 2004-08-13 14:47 - 00000000 ____D () C:\Programme 2014-08-20 00:30 - 2014-05-02 19:37 - 00000608 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2014-08-20 00:23 - 2014-08-20 00:23 - 00043989 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\Gmer.log 2014-08-19 22:55 - 2006-03-14 03:10 - 00001595 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\Palm Desktop.lnk 2014-08-19 21:44 - 2014-08-19 21:44 - 00380416 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\5leezu75.exe 2014-08-19 21:27 - 2014-08-19 21:26 - 
00000248 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\defogger_enable.log 2014-08-19 21:26 - 2014-08-19 21:26 - 00000476 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\defogger_disable.log 2014-08-19 21:25 - 2014-08-19 21:25 - 00050477 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\Defogger.exe 2014-08-19 21:02 - 2014-08-19 21:02 - 01101648 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\HijackThis - CHIP-Installer.exe 2014-08-19 20:23 - 2006-03-14 01:04 - 00000000 ____D () C:\Transfer 2014-08-18 16:02 - 2009-10-30 14:03 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Lokale Einstellungen\Anwendungsdaten\FreePDF_XP 2014-08-18 16:02 - 2009-10-30 12:58 - 00015721 _____ () C:\fpRedmon.log 2014-08-18 13:23 - 2012-03-30 17:49 - 00699568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-08-18 13:23 - 2011-05-13 17:18 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-08-18 13:22 - 2014-05-03 16:04 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Anwendungsdaten\HpUpdate 2014-08-13 18:28 - 2006-03-13 23:24 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-08-11 19:18 - 2011-08-15 12:07 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Anwendungsdaten\Skype 2014-08-11 18:12 - 2012-11-17 15:35 - 00000276 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-08-11 12:16 - 2014-08-11 12:16 - 00000000 ____D () C:\Programme\Gemeinsame Dateien\Java 2014-08-11 12:15 - 2014-08-11 12:15 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-08-11 12:15 - 2014-08-11 12:15 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-08-11 12:15 - 2014-08-11 12:15 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-08-11 12:15 - 2014-08-11 12:15 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2014-08-11 12:15 - 2014-08-11 12:15 - 00096680 _____ (Oracle 
Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-08-11 12:15 - 2014-08-11 12:15 - 00000000 ____D () C:\Programme\Java 2014-08-11 12:15 - 2014-08-11 12:15 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java 2014-08-10 13:21 - 2008-06-03 19:56 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Anwendungsdaten\Mp3tag 2014-08-09 18:35 - 2007-09-26 21:49 - 00000000 __SHD () C:\WINDOWS\CSC 2014-08-09 12:00 - 2014-02-23 19:49 - 00000718 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\calibre - E-book management.lnk 2014-08-09 12:00 - 2014-02-23 19:49 - 00000000 ____D () C:\Programme\Calibre2 2014-08-09 12:00 - 2014-02-23 19:49 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\calibre - E-book Management 2014-08-08 08:37 - 2011-08-15 12:07 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype 2014-08-07 12:43 - 2014-05-02 19:37 - 00000000 ____D () C:\Programme\Spybot - Search & Destroy 2 2014-08-04 08:25 - 2006-03-14 01:04 - 00000000 ____D () C:\Temp 2014-08-01 16:53 - 2010-03-14 20:11 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2999297034-267916414-2314848737-1005.job 2014-07-30 19:12 - 2014-08-13 19:55 - 00454443 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140813-195521.backup 2014-07-29 19:54 - 2014-07-30 19:12 - 00454441 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140730-191201.backup 2014-07-29 19:53 - 2006-03-14 04:21 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\SapWorkDir 2014-07-28 10:31 - 2008-06-12 17:32 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat 2014-07-25 07:26 - 2010-11-14 12:04 - 00000000 ____D () C:\Programme\Microsoft Silverlight 2014-07-24 18:03 - 2010-11-14 12:04 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight 2014-07-23 18:19 - 2012-04-25 10:40 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service 2014-07-22 
18:58 - 2014-07-22 18:58 - 00000000 ____D () C:\Programme\Mozilla Firefox
2014-07-21 17:53 - 2014-02-23 19:49 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Anwendungsdaten\calibre
Some content of TEMP:
====================
C:\Dokumente und Einstellungen\Gerhard\Lokale Einstellungen\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

Why does System Restore actually not work on my PC? No matter which restore point I select, on the next boot I always get the message that the system could not be restored! :-(

Now I have tried FRST once more, and lo and behold, after a few minutes I had the result! Here is the Addition.txt:

FRST Additions Logfile:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:19-08-2014 Ran by Gerhard at 2014-08-20 07:29:21 Running from C:\Dokumente und Einstellungen\GB63\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: McAfee VirusScan (Disabled - Up to date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AAC Decoder (HKLM\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.) Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated) Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.) Adobe Reader for Palm OS, 3.05 (HKCU\...\Adobe Reader for Palm OS) (Version: - ) Adobe Reader XI (11.0.08) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version: - ) AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version: - ) Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.162-050803a2-025672C-Dell - ) ATI Systemsteuerung (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5160 - ) AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - ) avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software) AXIS Media Control Embedded (HKLM\...\AXIS Media Control Embedded) (Version: - ) Belkin Bluetooth Software (HKLM\...\{3F4EC965-28EF-45C3-B063-04B25D4E9679}) (Version: 5.1.0.1700 - WIDCOMM, Inc.) BIG-IP Edge Client Components (All Users) (HKLM\...\F5 Networks Client Components) (Version: 70.2013.0426.1915 - F5 Networks, Inc.) calibre (HKLM\...\{DD649DA2-BBD9-4247-85DD-E04F7C1E8552}) (Version: 1.48.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform) CDDRV_Installer (Version: 4.60 - Logitech) Hidden Check Point VPN-1 SecureClient NGX R60 HFA1 (HKLM\...\{9FCF2FC0-8268-11D4-A313-0006290D766E}) (Version: - ) Cisco AnyConnect VPN Client (HKLM\...\{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}) (Version: 2.4.0202 - Cisco Systems, Inc.) Citrix Authentication Manager (Version: 5.0.0.60597 - Citrix Systems, Inc.) Hidden Citrix Receiver (DV) (Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden Citrix Receiver (HDX Flash-Umleitung) (Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 14.0.0.91 - Citrix Systems, Inc.) Citrix Receiver (USB) (Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden Citrix Receiver Inside (Version: 3.4.0.45902 - Citrix Systems, Inc.) Hidden Citrix Receiver Updater (Version: 4.0.0.45893 - Citrix Systems, Inc.) Hidden Citrix Receiver(Aero) (Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden Citrix Secure Access Client (HKLM\...\Net6 Vpn) (Version: - Citrix Systems) Citrix Web Client (HKLM\...\Citrix Web Client) (Version: - ) Citrix XenApp Web Plugin (HKLM\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.) 
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Content Transfer (HKLM\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.3.0.23190 - Sony Corporation) Creative Jukebox Driver (HKLM\...\Creative Jukebox Driver) (Version: - ) Creative Removable Disk Manager (HKLM\...\Creative Removable Disk Manager) (Version: - ) Creative Zen Micro (HKLM\...\{D944236D-7992-41D6-8257-930B5832F1CC}) (Version: 1.0 - ) Creative-Systeminformationen (HKLM\...\SysInfo) (Version: - ) Dell CinePlayer (HKLM\...\{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}) (Version: 3.0 - Dell) Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.) Dell Media Experience (HKLM\...\{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}) (Version: 3.1 - Dell) Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Ihr Firmenname) DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.) DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.) DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.) DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.) DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.) DivX Plus Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 2.0.0 - DivX,Inc.) DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.) DMX Update (HKLM\...\{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}) (Version: - ) Documents To Go (HKLM\...\{EB807EB6-5179-48B7-98D4-7B4934A57A81}) (Version: 7.006.940 - DataViz Inc.) foobar2000 v1.1.8 (HKLM\...\foobar2000) (Version: 1.1.8 - Peter Pawlowski) Free YouTube Download version 3.2.19.1219 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.19.1219 - DVDVideoSoft Ltd.) 
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - ) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden H.264 Decoder (HKLM\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.1.0 - DivX, Inc.) Hotfix für Windows Internet Explorer 7 (KB947864) (Version: 1 - Microsoft Corporation) Hidden HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Photo and Imaging 1.2.1 - Scanjet 4500c Series (HKLM\...\{C0FC80E9-8172-4F02-87F5-7642DBFFEAB4}) (Version: 1.2.1.0000 - {&Tahoma8}Hewlett-Packard) HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{88EFC235-396D-4A12-96AE-48C3451A0F79}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Photosmart 5520 series Hilfe (HKLM\...\{640A03B3-4E6B-4440-A350-E6A8D6348F12}) (Version: 27.0.0 - Hewlett Packard) HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Intel(R) PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - ) Intel(R) PROSet for Wired Connections (HKLM\...\{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}) (Version: 9.20.0000 - Dell) Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) 
Hidden Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 2.0.0.3217 - Juniper Networks) Juniper Terminal Services Client (HKCU\...\Juniper_Term_Services) (Version: 6.4.0.14343 - Juniper Networks) Kaspersky Online Scanner (HKLM\...\Kaspersky Online Scanner) (Version: 5.0 - Kaspersky Lab) KhalInstallWrapper (Version: 4.72.40 - Logitech) Hidden K-Lite Codec Pack 4.7.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 4.7.0 - ) Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.72 - Logitech) MCU (Version: 1.00.0000 - Dell) Hidden Medieval CUE Splitter (HKLM\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software) MetaFrame Presentation Server Web Client for Win32 (HKLM\...\Citrix ICA Web Client) (Version: - ) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - ) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU (HKLM\...\{C314CE45-3392-3B73-B4E1-139CD41CA933}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU (HKLM\...\{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU 
(HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office Visio Professional 2003 (HKLM\...\{90510407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Plus! für Windows XP (HKLM\...\{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}) (Version: 1.00.00.0554 - Microsoft Corporation) Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM\...\{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}) (Version: 8.0.50727.762 - SAP) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works 7.0 (HKLM\...\{EDDDC607-91D9-4758-9F57-265FDCD8A772}) (Version: 07.02.0702 - Microsoft Corporation) Mindjet MindManager Viewer 7 (HKLM\...\{C720FA29-E544-4D07-8A25-E83D2311B0DF}) (Version: 7.0.472 - Mindjet LLC) MKV Splitter (HKLM\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.1 - DivX, Inc.) Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Mp3tag v2.61a (HKLM\...\Mp3tag) (Version: v2.61a - Florian Heidenreich) MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation) MSXML4.0 redistributable (HKLM\...\{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}) (Version: 4.0.0.0 - SAP) MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.5 - F.J. Wechselberger) Nero 7 Premium (HKLM\...\{98EFD8F0-08DE-48DB-B922-A2EBAB711031}) (Version: 7.03.1151 - Nero AG) neroxml (Version: 1.0.0 - Nero AG) Hidden NWZ-S750 WALKMAN Guide (HKLM\...\{B7B4C7E0-078F-42D6-90B2-001400795416}) (Version: 2.1.0.17210 - Sony Corporation) Online Plug-in (Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden Palm (HKLM\...\{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}) (Version: 4.1.0420 - Palm, Inc.) 
PartitionMagic (Version: 8.00.000 - PowerQuest) Hidden Pocket Tunes 3.1.8 (HKLM\...\Pocket Tunes) (Version: - ) PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - ) PowerQuest PartitionMagic 8.0 (HKLM\...\InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}) (Version: 8.00.000 - PowerQuest) QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) RealPlayer (HKLM\...\RealPlayer 12.0) (Version: - RealNetworks) RealUpgrade 1.0 (Version: 1.0.0 - RealNetworks, Inc.) Hidden Roxio DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Roxio) Roxio MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.6 - Roxio) Roxio RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Roxio) Roxio RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Roxio) Roxio RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Roxio) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1500.0 - SAMSUNG Electronics Co., Ltd.) SAP Enterprise Central Component 6.0, SR1 German (HKLM\...\SAP Enterprise Central Component 6.0, SR1 German) (Version: - ) SAP GUI 7.10 (HKLM\...\SAPGUI710) (Version: 7.10 Compilation 4 - SAP AG) Self-Service Plug-in (Version: 4.0.0.40674 - Citrix Systems, Inc.) 
Hidden ShareIns (Version: 1.00.0000 - Hewlett-Packard) Hidden Sicherheitsupdate für Windows Internet Explorer 7 (KB928090) (Version: 20070117.120000 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows Internet Explorer 7 (KB929969) (Version: 20061222.120000 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows Internet Explorer 7 (KB931768) (Version: 1 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows Internet Explorer 7 (KB933566) (Version: 1 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows Internet Explorer 7 (KB937143) (Version: 1 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows Internet Explorer 7 (KB938127) (Version: 1 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows Internet Explorer 7 (KB939653) (Version: 1 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows Internet Explorer 7 (KB942615) (Version: 1 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows Internet Explorer 7 (KB944533) (Version: 1 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows Internet Explorer 7 (KB950759) (Version: 1 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows Internet Explorer 7 (KB953838) (Version: 1 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows Internet Explorer 7 (KB956390) (Version: 1 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows Internet Explorer 7 (KB958215) (Version: 1 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows Internet Explorer 7 (KB960714) (Version: 1 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows Internet Explorer 7 (KB961260) (Version: 1 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows Internet Explorer 7 (KB963027) (Version: 1 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows Internet Explorer 7 (KB969897) (Version: 1 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows Internet Explorer 7 (KB972260) (Version: 1 - Microsoft Corporation) Hidden Sicherheitsupdate 
für Windows Internet Explorer 7 (KB974455) (Version: 1 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows Internet Explorer 7 (KB976325) (Version: 1 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows Internet Explorer 8 (KB2183461) (HKLM\...\KB2183461-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2360131) (HKLM\...\KB2360131-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2416400) (HKLM\...\KB2416400-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2482017) (HKLM\...\KB2482017-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2497640) (HKLM\...\KB2497640-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2530548) (HKLM\...\KB2530548-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2544521) (HKLM\...\KB2544521-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2559049) (HKLM\...\KB2559049-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2586448) (HKLM\...\KB2586448-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2647516) (HKLM\...\KB2647516-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2675157) (HKLM\...\KB2675157-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2699988) (HKLM\...\KB2699988-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2722913) 
(HKLM\...\KB2722913-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2744842) (HKLM\...\KB2744842-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2761465) (HKLM\...\KB2761465-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2792100) (HKLM\...\KB2792100-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2797052) (HKLM\...\KB2797052-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2799329) (HKLM\...\KB2799329-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2809289) (HKLM\...\KB2809289-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2817183) (HKLM\...\KB2817183-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2829530) (HKLM\...\KB2829530-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2838727) (HKLM\...\KB2838727-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2846071) (HKLM\...\KB2846071-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2847204) (HKLM\...\KB2847204-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2862772) (HKLM\...\KB2862772-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2870699) (HKLM\...\KB2870699-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2879017) (HKLM\...\KB2879017-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2888505) (HKLM\...\KB2888505-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2898785) 
(HKLM\...\KB2898785-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2925418) (HKLM\...\KB2925418-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB971961) (HKLM\...\KB971961-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB976325) (HKLM\...\KB976325-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB978207) (HKLM\...\KB978207-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB981332) (HKLM\...\KB981332-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Media Player 10 (KB911565) (Version: - Microsoft Corporation) Hidden Sicherheitsupdate für Windows XP (KB2847311) (HKLM\...\KB2847311) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2862330) (HKLM\...\KB2862330) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2862335) (HKLM\...\KB2862335) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2864063) (HKLM\...\KB2864063) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2868038) (HKLM\...\KB2868038) (Version: 1 - Microsoft 
Corporation) Sicherheitsupdate für Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2876217) (HKLM\...\KB2876217) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2876315) (HKLM\...\KB2876315) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2883150) (HKLM\...\KB2883150) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2893984) (HKLM\...\KB2893984) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2922229) (HKLM\...\KB2922229) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation) Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.) Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) 
Snagit 9.1.3 (HKLM\...\{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}) (Version: 9.1.3.16 - TechSmith Corporation) Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.) Switch Sound File Converter (HKLM\...\Switch) (Version: - NCH Software) TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer) TomTom HOME (HKLM\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) tools-windows (Version: 8.1.4.11056 - VMware, Inc.) Hidden Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update für Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation) Hidden Update für Windows Internet Explorer 8 (KB975364) (HKLM\...\KB975364-IE8) (Version: 1 - Microsoft Corporation) Update für Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation) Update für Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation) Update für Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation) Update für Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation) VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden vcredist_x86 (HKLM\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 1.0.0 - SAP) Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) 
(Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VMware Player (HKLM\...\VMware_Player) (Version: 3.0.1.11056 - VMware, Inc)
VMware Player (Version: 3.0.1.11056 - VMware, Inc.) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20061107.210142 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
WinRAR 5.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip (HKLM\...\WinZip) (Version: 8.1 SR-1 (5266g) - WinZip Computing, Inc.)
WM Recorder (HKLM\...\WM Recorder14.10.1) (Version: 14.10.1 - AllAlex, Inc)
xp-AntiSpy 3.96-6 (HKLM\...\xp-AntiSpy) (Version: - Christian Taubenheim)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> C:\Dokumente und Einstellungen\Gerhard\Lokale Einstellungen\Anwendungsdaten\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{12630C47-7373-4463-8C38-EF1F45D08BB8}\InprocServer32 -> C:\Programme\Palm\ComStandard.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{149EE4A0-EE69-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Programme\Palm\ComConduit.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{149EE4A0-EE69-11D2-AC32-006008E3F0A2}\localserver32 -> C:\Programme\Palm\ComConduit.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{149EE4A1-EE69-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Programme\Palm\ComConduit.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{149EE4A1-EE69-11D2-AC32-006008E3F0A2}\localserver32 -> C:\Programme\Palm\ComConduit.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{164A4365-064D-494D-92C8-9303A5080157}\InprocServer32 -> C:\Programme\Palm\SgCalendar.ocx (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{188047CE-0F0A-11D7-8331-00C04FA03755}\localserver32 -> C:\Programme\Palm\QuickInstall.exe (Palm, Inc.) 
CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{1C43DF3D-E1C6-473E-9627-D7638EF63690}\InprocServer32 -> C:\Programme\Palm\DmConduit.dll (PalmSource Inc) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{1D67C047-F016-11D6-831E-00C04FA03755}\InprocServer32 -> C:\Programme\Palm\PictPreview.dll (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{1FFD7892-06E4-4A0A-941E-BC966900C883}\InprocServer32 -> C:\Programme\Palm\PhotoDesktop\Media.ocx (Palm, Inc. developed by ArcSoft, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{209DAEB8-0F02-11D7-8331-00C04FA03755}\localserver32 -> C:\Programme\Palm\QuickInstall.exe (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> C:\Dokumente und Einstellungen\Gerhard\Lokale Einstellungen\Anwendungsdaten\TechSmith\SnagIt\Accessories\{638B203F-8FB6-49ec-A139-AB8C530F0CAB}\MSPowerPoint.dll (TechSmith Corporation) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{28B8F788-271C-4618-9F55-4B1B40E6DF16}\InprocServer32 -> C:\Programme\Palm\ComStandard.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{28DC33AE-D0A8-40A7-A9EA-5F6598207496}\InprocServer32 -> C:\Programme\Palm\ComDirect.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{2CE29E35-35AA-455F-894F-F70BE74DB639}\InprocServer32 -> C:\Programme\Palm\PSDConduit.dll (PalmSource, Inc) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{2E0C66AC-5A87-4AFF-AC9F-93B33D43E4ED}\InprocServer32 -> C:\Programme\Palm\SgDateAlarm.dll (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{3193996D-1AC8-11D4-80CC-00C04FA03755}\InprocServer32 -> C:\Programme\Palm\AlarmSvr.dll (Palm, Inc.) 
CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{3597288E-FF31-49C2-A58A-EA88F3CEDD42}\InprocServer32 -> C:\Programme\Palm\SgCalendar.ocx (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{3B33746E-C60D-4213-9438-B36424338150}\InprocServer32 -> C:\Programme\Palm\ComDirect.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{3B52D512-935F-11D6-82D4-00C04FA03755}\InprocServer32 -> C:\Programme\Palm\PRouter.dll (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{3CF39B9A-0CF8-4792-A918-67573260BDBE}\InprocServer32 -> C:\Programme\Palm\PhotoDesktop\Media.ocx (Palm, Inc. developed by ArcSoft, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{4054F903-7C40-43D0-8ACE-3F5D73A9890C}\InprocServer32 -> C:\Programme\Palm\PSDConduit.dll (PalmSource, Inc) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{43F73EA1-92AE-11D6-82D3-00C04FA03755}\InprocServer32 -> C:\Programme\Palm\PRouter.dll (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{496038FA-3891-4827-AFCD-A7B13B9FF75A}\InprocServer32 -> C:\Programme\Palm\PhotoDesktop\PhotosPlugIn.dll (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Programme\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{49EB4C90-AE3D-4846-A719-F775FFEE600A}\InprocServer32 -> C:\Programme\Palm\ComStandard.dll (PalmSource, Inc.) 
CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> C:\Dokumente und Einstellungen\Gerhard\Lokale Einstellungen\Anwendungsdaten\TechSmith\SnagIt\Accessories\{18AA4E21-D540-4a3a-9F9F-E6DE33D6F253}\MSExcel.dll (TechSmith Corporation) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{57B98049-D96F-471B-942B-6B05CB2CFE0A}\InprocServer32 -> C:\Programme\Palm\ComStandard.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{5AA15E20-EE68-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Programme\Palm\ComConduit.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{61B7A221-D11F-4702-B5C0-79C492A726B9}\InprocServer32 -> C:\Programme\Palm\PSDConduit.dll (PalmSource, Inc) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{6357BCA7-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Programme\Palm\DefaultPlugin.dll (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{6357BCB6-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Programme\Palm\PqiIcon.dll (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{6357BCB9-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Programme\Palm\PqiIcon.dll (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{6357BCBC-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Programme\Palm\PqiIcon.dll (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{6357BCBE-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Programme\Palm\PqiIcon.dll (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{6600B26A-CCCE-4EF9-870E-DAB97E489CDF}\InprocServer32 -> C:\Programme\Palm\SgDateAlarm.dll (Palm, Inc.) 
CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{660AF3D0-0EC6-4285-8447-B286B724687B}\InprocServer32 -> C:\Programme\Palm\ComStandard.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> C:\Dokumente und Einstellungen\Gerhard\Lokale Einstellungen\Anwendungsdaten\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{72440244-25C1-11D4-80D7-00C04FA03755}\localserver32 -> C:\Programme\Palm\AlarmApp.exe (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{7433EB64-25C1-11D4-80D7-00C04FA03755}\localserver32 -> C:\Programme\Palm\AlarmApp.exe (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{74A3F9EA-25C1-11D4-80D7-00C04FA03755}\localserver32 -> C:\Programme\Palm\AlarmApp.exe (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{75C8163F-59DF-4C9D-BC00-D0419B2CED5B}\InprocServer32 -> C:\Programme\Palm\PSDConduit.dll (PalmSource, Inc) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{763F9014-A89C-11D6-82E7-00C04FA03755}\localserver32 -> C:\Programme\Palm\QuickInstall.exe (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{7686FC59-EA6F-11D5-823E-00C04FA03755}\InprocServer32 -> C:\Programme\Palm\InstServ.dll (Palm, Inc) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{78547CB6-2D08-47F4-A1EB-AF576A33E433}\InprocServer32 -> C:\Programme\Palm\SgContacts.ocx (Palm, Inc.) 
CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{7D11ED93-A77D-41FA-8EA5-5B39BC29E7F9}\InprocServer32 -> C:\Programme\Palm\ComStandard.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{7DEBC7E0-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Programme\Palm\ComDirect.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{7DEBC7E4-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Programme\Palm\ComDirect.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{7DEBC7E6-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Programme\Palm\ComStandard.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{7DEBC7E7-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Programme\Palm\ComStandard.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{7DEBC7E9-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Programme\Palm\ComDirect.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{80C297AB-A0CB-4CE4-A5F1-36EB810BE047}\InprocServer32 -> C:\Programme\Palm\ComDirect.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{831B49E8-91A6-11D5-820F-00C04FA03755}\InprocServer32 -> C:\Programme\Palm\ExpenseExt.ocx (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{831B49E9-91A6-11D5-820F-00C04FA03755}\InprocServer32 -> C:\Programme\Palm\ExpenseExt.ocx (Palm, Inc.) 
CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{868C6D64-8B98-11D5-8209-00C04FA03755}\InprocServer32 -> C:\Programme\Palm\NotePadExt.ocx (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{868C6D65-8B98-11D5-8209-00C04FA03755}\InprocServer32 -> C:\Programme\Palm\NotePadExt.ocx (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{87001487-8B8A-4C40-BFEF-036F5BD5BAA3}\InprocServer32 -> C:\Programme\Palm\PhotoDesktop\PhotosPlugIn.dll (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{8DEBF92B-1EC4-11D4-80D0-00C04FA03755}\localserver32 -> C:\Programme\Palm\AlarmApp.exe (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{92DA540D-FCC0-442C-8F82-7F6C1DBD66C8}\InprocServer32 -> C:\Programme\Palm\SgMemos.ocx (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Programme\Windows Desktop Search\deskbar.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{A0C20550-9476-407C-BFB0-3C84C2639AE6}\InprocServer32 -> C:\Programme\Palm\ComStandard.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{A13FAF1A-6069-40A4-AD5F-110EFA282490}\InprocServer32 -> C:\Programme\Palm\ComStandard.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{A4C43001-108F-48E8-B2FF-F174977EDF03}\InprocServer32 -> C:\Programme\Palm\ComStandard.dll (PalmSource, Inc.) 
CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{A50DA40C-59F7-40A6-B2D1-748493584E9C}\InprocServer32 -> C:\Programme\Palm\ComStandard.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{A545EB9B-B12D-4BA6-8110-1D61A3566A93}\InprocServer32 -> C:\Programme\Palm\ComStandard.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{A61F01A5-CD25-4780-A3B9-041172CD6450}\InprocServer32 -> C:\Programme\Palm\PSDConduit.dll (PalmSource, Inc) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{AB40E4E0-0F0C-11D7-8331-00C04FA03755}\localserver32 -> C:\Programme\Palm\QuickInstall.exe (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{AD74B184-E73A-4565-A38C-1329A29C7260}\InprocServer32 -> C:\Programme\Palm\PSDConduit.dll (PalmSource, Inc) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{AF04C884-2C5F-430F-97ED-6E127F47046C}\InprocServer32 -> C:\Programme\Palm\DmConduit.dll (PalmSource Inc) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{AF478991-F6B0-40E8-856B-E80BE0677AFC}\InprocServer32 -> C:\Programme\Palm\SgTasks.ocx (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{B2565128-0F22-11D7-8331-00C04FA03755}\InprocServer32 -> C:\Programme\Palm\PRouter.dll (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{B2F7AF3C-0CA7-4EAE-BBBF-A748FBC500DD}\InprocServer32 -> C:\Programme\Palm\SgMemos.ocx (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{B416D295-53BA-4E16-8D54-B80281643A8A}\InprocServer32 -> C:\Programme\Palm\ComDirect.dll (PalmSource, Inc.) 
CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{B53B7736-61FA-4EF3-8989-B83C80979D89}\InprocServer32 -> C:\Programme\Palm\ComStandard.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{B9BF9DA9-1746-4C14-B53C-1826F81EAE0B}\InprocServer32 -> C:\Programme\Palm\ComStandard.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{BD73860F-5142-44C9-B7C4-26CD2AB55477}\InprocServer32 -> C:\Programme\Palm\ComDirect.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{BE1B5231-A3E2-11D6-82E3-00C04FA03755}\localserver32 -> C:\Programme\Palm\QuickInstall.exe (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{BE1B5233-A3E2-11D6-82E3-00C04FA03755}\InprocServer32 -> C:\Programme\Palm\PRouter.dll (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{BE1B5235-A3E2-11D6-82E3-00C04FA03755}\InprocServer32 -> C:\Programme\Palm\PRouter.dll (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{BE44897A-EB38-11D5-823F-00C04FA03755}\InprocServer32 -> C:\Programme\Palm\RegServ.dll () CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{C0010C26-F44B-4BE2-9D65-04D3934C5E46}\InprocServer32 -> C:\Programme\Palm\SgTasks.ocx (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{C11BCF07-4F91-4748-956E-2B4FFC9401C5}\InprocServer32 -> C:\Programme\Palm\SgContacts.ocx (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{C2775C61-2C1C-4D50-A5E6-4814620116CD}\InprocServer32 -> C:\Programme\Palm\ComStandard.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{C3DB9DF7-64EC-46EC-86C4-27668ABA9777}\InprocServer32 -> C:\Programme\Palm\ComStandard.dll (PalmSource, Inc.) 
CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{D75FA101-6942-47DF-88DF-353F30D35682}\InprocServer32 -> C:\Programme\Palm\PSDConduit.dll (PalmSource, Inc) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{D79AC66C-BDB2-4028-B79A-F1465F8FBB56}\InprocServer32 -> C:\Programme\Palm\ComStandard.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{DCDA65F9-134B-4333-BCA0-809306CB2F55}\InprocServer32 -> C:\Programme\Palm\DmConduit.dll (PalmSource Inc) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{DD7731C5-1E16-4087-A57F-FEDCFBD8EB2B}\InprocServer32 -> C:\Programme\Palm\ComStandard.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{DEF0B543-775C-4963-A116-DF304EE2C4DA}\InprocServer32 -> C:\Programme\Palm\DmConduit.dll (PalmSource Inc) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{DFD4C164-AE18-11D6-82EC-00C04FA03755}\localserver32 -> C:\Programme\Palm\QuickInstall.exe (Palm, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{E5A0FEE6-087B-4E48-BE06-5E1A1EF5E116}\InprocServer32 -> C:\Programme\Palm\ComStandard.dll (PalmSource, Inc.) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{E851CFC8-5724-406D-9B36-11A44E72EA11}\InprocServer32 -> C:\Programme\Palm\PSDConduit.dll (PalmSource, Inc) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{EACEB807-2AB5-11D4-88DE-00C0F05ABB4B}\localserver32 -> C:\Programme\Palm\AlarmApp.exe (Palm, Inc.) 
CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{EE469827-4ED9-443B-9FB0-EFA81FEA6646}\InprocServer32 -> C:\Programme\Palm\Components\DelDups.dll ( Palm, Inc) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{F0905939-16C0-4D2E-8F4F-73A4BEDEBE73}\InprocServer32 -> C:\Programme\Palm\PSDConduit.dll (PalmSource, Inc) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{F1523FBD-0E09-4E8F-A952-B053B118FAAE}\InprocServer32 -> C:\Programme\Palm\PSDConduit.dll (PalmSource, Inc) CustomCLSID: HKU\S-1-5-21-2999297034-267916414-2314848737-1005_Classes\CLSID\{F21AC7C7-D6F5-11D6-8306-00C04FA03755}\InprocServer32 -> C:\Programme\Palm\PRouter.dll (Palm, Inc.) ==================== Restore Points ========================= 28-07-2014 06:53:53 Systemprüfpunkt 29-07-2014 17:06:35 Systemprüfpunkt 30-07-2014 17:29:22 Systemprüfpunkt 01-08-2014 06:10:56 Systemprüfpunkt 03-08-2014 08:04:48 Systemprüfpunkt 03-08-2014 09:43:41 Installed calibre 03-08-2014 09:45:15 Removed calibre 04-08-2014 09:54:22 Systemprüfpunkt 07-08-2014 07:33:39 Systemprüfpunkt 08-08-2014 08:00:18 Systemprüfpunkt 09-08-2014 09:59:24 Installed calibre 09-08-2014 10:01:07 Removed calibre 11-08-2014 06:33:50 Systemprüfpunkt 11-08-2014 10:14:20 Java 7 Update 60 wird entfernt 11-08-2014 10:15:04 Java 7 Update 67 wird installiert 12-08-2014 18:06:31 Systemprüfpunkt 13-08-2014 16:27:51 Software Distribution Service 3.0 18-08-2014 11:22:34 HP Update wurde entfernt. 18-08-2014 11:22:50 HP Update wurde installiert. 19-08-2014 18:38:55 Wiederherstellungsvorgang 19-08-2014 18:44:13 Wiederherstellungsvorgang 19-08-2014 18:49:29 Wiederherstellungsvorgang 19-08-2014 22:54:43 Wiederherstellungsvorgang ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2004-08-13 14:40 - 2014-08-13 19:55 - 00454443 ____R C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.100888290cs.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 www.10sek.com 127.0.0.1 10sek.com 127.0.0.1 www.123topsearch.com 127.0.0.1 123topsearch.com 127.0.0.1 www.132.com 127.0.0.1 132.com 127.0.0.1 www.136136.net 127.0.0.1 136136.net 127.0.0.1 www.163ns.com 127.0.0.1 163ns.com 127.0.0.1 171203.com 127.0.0.1 17-plus.com 127.0.0.1 www.1800searchonline.com 127.0.0.1 1800searchonline.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Programme\Apple Software Update\SoftwareUpdate.exe Task: C:\WINDOWS\Tasks\avast! 
Emergency Update.job => C:\Programme\Alwil Software\Avast5\AvastEmUpdate.exe Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programme\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programme\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2999297034-267916414-2314848737-1005.job => C:\Programme\Real\RealUpgrade\realupgrade.exe Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2999297034-267916414-2314848737-1005.job => C:\Programme\Real\RealUpgrade\realupgrade.exe Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Programme\Spybot - Search & Destroy 2\SDImmunize.exe Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Programme\Spybot - Search & Destroy 2\SDScan.exe ==================== Loaded Modules (whitelisted) ============= 2010-02-07 11:54 - 2014-07-04 19:59 - 00301152 _____ () C:\Programme\Alwil Software\Avast5\aswProperty.dll 2014-08-19 20:45 - 2014-08-19 20:45 - 02799616 _____ () C:\Programme\Alwil Software\Avast5\defs\14081900\algo.dll 2009-10-30 12:57 - 2008-02-25 23:23 - 00116224 _____ () C:\WINDOWS\system32\redmonnt.dll 2014-05-02 19:37 - 2014-04-25 14:11 - 00109400 _____ () C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-05-02 19:37 - 2014-04-25 14:11 - 00416600 _____ () C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl 2014-05-02 19:37 - 2014-04-25 14:11 - 00167768 _____ () C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-05-02 19:37 - 2012-08-23 10:38 - 00574840 _____ 
() C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll 2014-05-02 19:37 - 2012-04-03 17:06 - 00565640 _____ () C:\Programme\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2010-01-22 22:57 - 2010-01-22 22:57 - 00970288 _____ () C:\Programme\VMware\VMware Player\libxml2.dll 2010-01-22 22:56 - 2010-01-22 22:56 - 00068656 _____ () C:\Programme\VMware\VMware Player\zlib1.dll 2002-04-17 10:49 - 2002-04-17 10:49 - 00024576 _____ () C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll 2002-04-17 10:49 - 2002-04-17 10:49 - 00077824 _____ () C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe 2013-10-25 08:14 - 2014-07-04 19:59 - 19329904 _____ () C:\Programme\Alwil Software\Avast5\libcef.dll 2006-06-07 18:07 - 2006-06-07 18:07 - 00053248 _____ () C:\Programme\Belkin\Bluetooth Software\btkeyind.dll 2004-06-09 14:27 - 2004-06-09 14:27 - 00233472 _____ () C:\Programme\Palm\HSLANG.DLL 2007-04-19 13:53 - 2009-08-05 10:45 - 00106312 _____ () C:\Programme\Microsoft Office\OFFICE11\OUTLCTL.DLL 2014-07-22 18:58 - 2014-07-22 18:58 - 03800688 _____ () C:\Programme\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WdfLoadGroup => ""="" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: ConnectionCenter => "C:\Programme\Citrix\ICA Client\concentr.exe" /startup MSCONFIG\startupreg: MSKDetectorExe => C:\Programme\McAfee\SpamKiller\MSKDetct.exe /uninstall MSCONFIG\startupreg: NWEReboot => MSCONFIG\startupreg: QuickTime Task => "C:\Programme\QuickTime\qttask.exe" -atboottime MSCONFIG\startupreg: Redirector => "C:\Programme\Citrix\ICA Client\redirector.exe" /startup ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (08/19/2014 09:28:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\GERHARD\DESKTOP\FRST.EXE> in der Hash-Zuordnung kann nicht aktualisiert werden. 
Kontext: Windows Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (08/19/2014 09:28:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\GERHARD\DESKTOP\FRST.EXE> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (08/19/2014 08:52:15 PM) (Source: Windows Search Service) (EventID: 3024) (User: ) Description: Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung erneut. Kontext: Windows Anwendung, SystemIndex Katalog Error: (08/19/2014 08:43:59 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindex kann nicht gelesen werden. (0xc0041800) Error: (08/19/2014 08:43:59 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindex kann nicht gelesen werden. (0xc0041800) Error: (08/19/2014 08:43:59 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindex kann nicht gelesen werden. (0xc0041800) Error: (08/19/2014 08:43:59 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Der Suchdienst hat beschädigte Datendateien im Index erkannt. Der Dienst versucht, dieses Problem durch Neuerstellung des Index automatisch zu beheben. 
Kontext: Windows Anwendung, SystemIndex Katalog Details: 0xc0041801 (0xc0041801) Error: (08/18/2014 04:18:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <J:\DOKUMENTE UND EINSTELLUNGEN\GERHARD\EIGENE DATEIEN\CALIBRE-BIBLIOTHEK\METADATA.DB-JOURNAL> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (08/18/2014 04:18:38 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <J:\DOKUMENTE UND EINSTELLUNGEN\GERHARD\EIGENE DATEIEN\CALIBRE-BIBLIOTHEK\METADATA.DB-JOURNAL> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (08/11/2014 07:51:44 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <J:\DOKUMENTE UND EINSTELLUNGEN\GERHARD\EIGENE DATEIEN\CALIBRE-BIBLIOTHEK\METADATA.DB-JOURNAL> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) System errors: ============= Error: (08/20/2014 06:36:20 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SABKUTIL Error: (08/20/2014 06:36:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/20/2014 06:36:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. 
Error: (08/20/2014 02:07:46 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SABKUTIL Error: (08/20/2014 02:07:42 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst vpnagent. Error: (08/20/2014 02:07:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/20/2014 02:07:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error: (08/20/2014 02:07:41 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst vpnagent. Error: (08/20/2014 01:38:17 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SABKUTIL Error: (08/20/2014 01:38:01 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst vpnagent. Microsoft Office Sessions: ========================= Error: (08/19/2014 09:28:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\DOKUMENTE UND EINSTELLUNGEN\GERHARD\DESKTOP\FRST.EXE Error: (08/19/2014 09:28:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. 
(0x8007001f) C:\DOKUMENTE UND EINSTELLUNGEN\GERHARD\DESKTOP\FRST.EXE Error: (08/19/2014 08:52:15 PM) (Source: Windows Search Service) (EventID: 3024) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Error: (08/19/2014 08:43:59 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Kontext: Windows Anwendung Details: Der Inhaltsindex kann nicht gelesen werden. (0xc0041800) Error: (08/19/2014 08:43:59 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindex kann nicht gelesen werden. (0xc0041800) Error: (08/19/2014 08:43:59 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindex kann nicht gelesen werden. (0xc0041800) Search.TripoliIndexer Error: (08/19/2014 08:43:59 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: 0xc0041801 (0xc0041801) Error: (08/18/2014 04:18:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) J:\DOKUMENTE UND EINSTELLUNGEN\GERHARD\EIGENE DATEIEN\CALIBRE-BIBLIOTHEK\METADATA.DB-JOURNAL Error: (08/18/2014 04:18:38 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) J:\DOKUMENTE UND EINSTELLUNGEN\GERHARD\EIGENE DATEIEN\CALIBRE-BIBLIOTHEK\METADATA.DB-JOURNAL Error: (08/11/2014 07:51:44 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. 
(0x8007001f) J:\DOKUMENTE UND EINSTELLUNGEN\GERHARD\EIGENE DATEIEN\CALIBRE-BIBLIOTHEK\METADATA.DB-JOURNAL ==================== Memory info =========================== Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz Percentage of memory in use: 44% Total physical RAM: 2046.07 MB Available physical RAM: 1137.53 MB Total Pagefile: 3938.7 MB Available Pagefile: 3136.52 MB Total Virtual: 2047.88 MB Available Virtual: 1937.18 MB ==================== Drives ================================ Drive c: (Lokaler Datenträger) (Fixed) (Total:48.83 GB) (Free:6.39 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive j: (DELL) (Fixed) (Total:91.92 GB) (Free:4.2 GB) NTFS Drive k: (DELL Musik) (Fixed) (Total:89.02 GB) (Free:5.25 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 232.8 GB) (Disk ID: 23F12D67) Partition 1: (Not Active) - (Size=47 MB) - (Type=DE) Partition 2: (Active) - (Size=48.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=3 GB) - (Type=DB) Partition 4: (Not Active) - (Size=180.9 GB) - (Type=OF Extended) ==================== End Of Log ============================ --- --- --- Kind regards |
20.08.2014, 11:08 | #8 | |
Rest in peace † 2019 | Windows XP Avast: Win32:Evo-gen [Susp] Hello, yes, that is also a very general suspicion on Avast's part that something malicious could be in the file. Did the Adwarecleaner find anything? You have two antivirus programs active on your computer. The computer's performance and also the functionality of the AVs can suffer from that, so please uninstall one of them. Quote:
What do you base your suspicion on that your system could be infected? Regarding System Restore, can you post the exact error message? Did you switch off the antivirus program while doing it? Try it once with the antivirus program switched off. Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.ca
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} hxxp://downloads.ewido.net/ewidoOnlineScan.cab
AlternateDataStreams: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
|
20.08.2014, 23:02 | #9 |
| Windows XP Avast: Win32:Evo-gen [Susp] Hello Sandra,
1. Adwarecleaner found a few minor things, but unfortunately I cannot find the log file...
2. I also saw in the FRST Addition.txt that McAfee is on my computer. However, I cannot find this program in the Task Manager, nor under Systemsteuerung/Software (Control Panel/Add or Remove Programs). So unfortunately I cannot delete it...
3. I know the file 5leezu75.exe. That is GMER, as I downloaded it from your site under point 3 (random file name).
4. It is just a "gut feeling", because Avast has repeatedly reported viruses that apparently sometimes came from secondary pages (that is, pages that open automatically in the background). I just wanted to be on the safe side and have my PC examined by a professional (there is no feminine form of "Profi", is there?).
5. System Restore: I select a date with a "Systemprüfpunkt". Then a notice appears: "Die Änderungen, die an (den) Datenträger(n) O: L: L:\ L:\ L:\ vorgenommen wurden, können nicht rückgängig gemacht werden, weil der Datenträger von der Systemwiederherstellungsüberwachung ausgeschlossen, ausgeschaltet oder entfernt wurde. Klicken Sie auf "Weiter" um den Computer auf diesen Zeitpunkt wieder herzustellen". After that a progress bar appears with "Daten werden wiederhergestellt...". After the computer has started up again and I have logged in, a popup from System Restore appears: "Der Computer kann nicht wie folgt wiederhergestellt werden: Freitag, 01.August 2014, Systemprüfpunkt. Es wurden keine Änderungen am Computer durchgeführt." No matter which of the available dates I choose, this message always appears. Now I also have a bit of a stomach ache about carrying out various things here under your guidance, because I have no way of undoing them!
5. Fixlog.txt Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:19-08-2014 Ran by GB63 at 2014-08-20 23:48:10 Run:1 Running from C:\Dokumente und Einstellungen\GB63\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.ca DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} hxxp://downloads.ewido.net/ewidoOnlineScan.cab AlternateDataStreams: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 ***************** "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}" => Key deleted successfully. "HKCR\CLSID\{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{193C772A-87BE-4B19-A7BB-445B226FE9A1}" => Key deleted successfully. "HKCR\CLSID\{193C772A-87BE-4B19-A7BB-445B226FE9A1}" => Key not found. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP => ":DFC5A2B2" ADS removed successfully. ==== End of Fixlog ==== |
20.08.2014, 23:14 | #11 |
| Windows XP Avast: Win32:Evo-gen [Susp] No, I'll do it right away... No, unfortunately not, but now I have! The "Daten werden wiederhergestellt..." progress bar reached 100% much faster this time. But after logging in again, the window described above appeared again... :-( |
21.08.2014, 23:26 | #12 |
Rest in peace † 2019 | Windows XP Avast: Win32:Evo-gen [Susp] Hello, please have a look in the XP Event Viewer to see whether you can find further information about this there: Step 1 Click the Windows Start button --> Systemsteuerung (Control Panel) --> Verwaltung (Administrative Tools) --> Ereignisanzeige (Event Viewer). There you have several sub-items; click through them and then check on the right-hand side whether you find entries that concern System Restore, and post the messages for me |
22.08.2014, 06:48 | #13 |
| Windows XP Avast: Win32:Evo-gen [Susp] Hello, in the "Anwendung" (Application) section I found the following at the time of my restore attempt: Type Error, Source Windows Search Service, Category Gatherer, Event 3013 Code:
ATTFilter Eintrag <J:\DOKUMENTE UND EINSTELLUNGEN\GB63\EIGENE DATEIEN\CALIBRE-BIBLIOTHEK\METADATA.DB-JOURNAL> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Weitere Informationen über die Hilfe- und Supportdienste erhalten Sie unter hxxp://go.microsoft.com/fwlink/events.asp. Type Error, Source Service Control Manager, Event 7011, 7009, 7000, 7026 Code:
ATTFilter Regarding event 7011: Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst vpnagent. Weitere Informationen über die Hilfe- und Supportdienste erhalten Sie unter hxxp://go.microsoft.com/fwlink/events.asp. Regarding event 7009: Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Weitere Informationen über die Hilfe- und Supportdienste erhalten Sie unter hxxp://go.microsoft.com/fwlink/events.asp. Regarding event 7000: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Weitere Informationen über die Hilfe- und Supportdienste erhalten Sie unter hxxp://go.microsoft.com/fwlink/events.asp. Regarding event 7026: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SABKUTIL Weitere Informationen über die Hilfe- und Supportdienste erhalten Sie unter hxxp://go.microsoft.com/fwlink/events.asp. Oh yes - once I also found this under "Anwendung": Code:
ATTFilter Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung erneut. Kontext: Windows Anwendung, SystemIndex Katalog Weitere Informationen über die Hilfe- und Supportdienste erhalten Sie unter hxxp://go.microsoft.com/fwlink/events.asp. I think all of this doesn't help any further either - does it? :-(( |
22.08.2014, 12:24 | #14 |
Rest in peace † 2019 | Windows XP Avast: Win32:Evo-gen [Susp] Well, we are doing diagnosis by exclusion here at the moment, so that does help. I don't think this is a problem that comes from malware. Please try in safe mode whether you can perform a System Restore there. That way we can determine whether perhaps a driver conflict or problems with programs on the computer are preventing the restore from running. Follow this guide for that |
24.08.2014, 10:57 | #15 |
| Windows XP Avast: Win32:Evo-gen [Susp] Hello Sandra, I have now tried System Restore in safe mode, exactly as described in the instructions. This time it took a very long time until the bar reached 100%, but on logging in again exactly the same message appeared as described on 21.08. under point 5.... :-( So it looks like I have no way of resetting my PC to an earlier state.... Kind regards |