Rechnung.zip from Medimops
Since I am actually expecting an invoice from Medimops, I opened an e-mail attachment Rechnung.zip (85 KB) while under stress.
Contents: Rechnung.scr
Had Antivir check it: no findings
Had the online scanners at jotti.org and virustotal.com check the file: no malware
After a later restart there are now nothing but problems, e.g.: the firewall is acting up (wants to block Windows Explorer)
All access to online virus scanners is blocked
Antivir is blocked
OTL logfiles:
Quote:
OTL Extras logfile created on: 17.06.2013 22:11:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Meine Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 51,52% Memory free
2,55 Gb Paging File | 1,68 Gb Available in Paging File | 65,85% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 24,14 Gb Total Space | 1,61 Gb Free Space | 6,68% Space Free | Partition Type: NTFS
Drive D: | 13,13 Gb Total Space | 8,64 Gb Free Space | 65,79% Space Free | Partition Type: NTFS
Computer Name: SCHL-AE9C6D3F42 | User Name: Urfin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-606747145-1580436667-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Programme\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation.)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Software Update\hpwucli.exe" = C:\Programme\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\AGFEO\Tk-Suite-Basic\tkserver\tkmedia.exe" = C:\Programme\AGFEO\Tk-Suite-Basic\tkserver\tkmedia.exe:*:Enabled:TK-Suite Media Transport -- (AGFEO)
"C:\Programme\AGFEO\Tk-Suite-Basic\tkserver\tksock.exe" = C:\Programme\AGFEO\Tk-Suite-Basic\tkserver\tksock.exe:*:Enabled:TK-Suite Server -- (AGFEO)
"C:\Programme\AGFEO\Tk-Suite-Basic\tools\ctimon.exe" = C:\Programme\AGFEO\Tk-Suite-Basic\tools\ctimon.exe:*:Enabled:TK-Suite Client -- (AGFEO)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update -- (AVM Berlin)
"C:\Programme\In dir das Leben finden\unins000.exe" = C:\Programme\In dir das Leben finden\unins000.exe:*:Enabled:Uninstall -- (Jordan Russell)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Software Update\hpwucli.exe" = C:\Programme\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"E:\fsetup.exe" = E:\fsetup.exe:*:Enabled:AVM FSetup Application
"C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper
"C:\Programme\FRITZ!DSL\igdctrl.exe" = C:\Programme\FRITZ!DSL\igdctrl.exe:*:Enabled:igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\StCenter.exe" = C:\Programme\FRITZ!DSL\StCenter.exe:*:Enabled:StCenter.exe -- (AVM Berlin)
"C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Programme\FRITZ!DSL\FritzDsl.exe" = C:\Programme\FRITZ!DSL\FritzDsl.exe:*:Enabled:FritzDsl.exe -- (AVM Berlin)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4900_series" = Canon iP4900 series Printer Driver
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EC62F67-DDFA-434C-9610-1FDF71B8F1D4}" = BPDSoftware_Ini
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5230AAA6-C417-47CA-8028-EF8133B984A6}" = 6000E609a
"{5A065EA0-0EEC-4E94-A2A0-40812576C122}" = Ulead PhotoImpact 10 SE
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{71CEED82-6D60-4DB7-A351-3564A87F7C96}" = 6000E609_eDocs
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7791308C-85FB-43B9-93F2-7DE9CB7D5C4A}" = HP Officejet 6000 E609 Series
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 Test
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90300407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91130407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B093990A-AAF2-44AC-9216-14BB7A2189B6}" = ImageMixer VCD2 LE for FinePix
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.3
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{C809442E-31F0-418C-A929-74453B741A7B}" = ProductContext
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE7EB3D-FBD9-4c74-8156-082D055C0354}" = BPDSoftware
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F4BD608A-8296-43DA-A400-1E8432AB1304}" = 6000E609_Help
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCA0326D-5C80-4979-8CC5-E56FBF524A81}" = SellersBestFriends
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AGFEO TK-Suite Basic" = AGFEO TK-Suite Basic
"ALDI NORD Bestellsoftware" = ALDI NORD Bestellsoftware 4.11.0
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice 2.7
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVM ISDN CAPI Port" = AVM ISDN CAPI Port
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Canon iP4900 series Benutzerregistrierung" = Canon iP4900 series Benutzerregistrierung
"Canon iP4900 series On-screen Manual" = Canon iP4900 series On-screen Manual
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"EPSON Photo Print" = EPSON Photo Print
"FreePDF_XP" = FreePDF (Remove only)
"FRITZ! 2.0" = AVM FRITZ!
"GIF Animator" = Microsoft GIF Animator
"GPL Ghostscript 8.60" = GPL Ghostscript 8.60
"GPL Ghostscript 9.04" = GPL Ghostscript
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"In dir das Leben finden_is1" = In dir das Leben finden
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.17
"KompoZer_is1" = KompoZer 0.77
"MFW" = MSE-Faktura
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Opera 11.52.1100" = Opera 11.52
"Opera 12.15.1748" = Opera 12.15
"Shop for HP Supplies" = Shop for HP Supplies
"SiS VGA Driver" = SiS Mirage Graphics
"sp6" = Logitech SetPoint 6.32
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1" = SpywareBlaster 4.6
"VLC media player" = VLC media player 2.0.3
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-606747145-1580436667-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Pong Clock" = Pong Clock
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.05.2013 14:07:13 | Computer Name = SCHL-AE9C6D3F42 | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 28.05.2013 13:37:02 | Computer Name = SCHL-AE9C6D3F42 | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 29.05.2013 07:09:14 | Computer Name = SCHL-AE9C6D3F42 | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 12.06.2013 12:21:42 | Computer Name = SCHL-AE9C6D3F42 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Mfw.exe, Version 1.60.2.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 17.06.2013 15:13:21 | Computer Name = SCHL-AE9C6D3F42 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hdeck.exe, Version 7.1.0.33, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000012b0.
Error - 17.06.2013 15:14:04 | Computer Name = SCHL-AE9C6D3F42 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iwatch.exe, Version 2.2.28.0, fehlgeschlagenes
Modul iwatch.exe, Version 2.2.28.0, Fehleradresse 0x000079bc.
Error - 17.06.2013 15:16:18 | Computer Name = SCHL-AE9C6D3F42 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iwatch.exe, Version 2.2.28.0, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000446da.
Error - 17.06.2013 15:19:18 | Computer Name = SCHL-AE9C6D3F42 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung avscan.exe, Version 13.6.0.1262, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000446da.
Error - 17.06.2013 15:37:28 | Computer Name = SCHL-AE9C6D3F42 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung avscan.exe, Version 13.6.0.1262, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000446da.
Error - 17.06.2013 15:37:32 | Computer Name = SCHL-AE9C6D3F42 | Source = Application Error | ID = 1001
Description = Fehlerhafter Speicherbereich -721842860.
[ System Events ]
Error - 14.06.2013 00:52:40 | Computer Name = SCHL-AE9C6D3F42 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%2
Error - 15.06.2013 11:36:49 | Computer Name = SCHL-AE9C6D3F42 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%2
Error - 15.06.2013 11:39:25 | Computer Name = SCHL-AE9C6D3F42 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst NVSvc.
Error - 17.06.2013 00:48:21 | Computer Name = SCHL-AE9C6D3F42 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%2
Error - 17.06.2013 00:50:40 | Computer Name = SCHL-AE9C6D3F42 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst HTTP-SSL.
Error - 17.06.2013 00:50:40 | Computer Name = SCHL-AE9C6D3F42 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HTTP-SSL" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 17.06.2013 10:42:48 | Computer Name = SCHL-AE9C6D3F42 | Source = nv | ID = 11141134
Description = Unknown error on !3fdc(127c)
Error - 17.06.2013 15:10:53 | Computer Name = SCHL-AE9C6D3F42 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%2
Error - 17.06.2013 15:12:49 | Computer Name = SCHL-AE9C6D3F42 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst HTTP-SSL.
Error - 17.06.2013 15:12:49 | Computer Name = SCHL-AE9C6D3F42 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HTTP-SSL" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
< End of report >
Quote:
OTL logfile created on: 17.06.2013 22:11:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Meine Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 51,52% Memory free
2,55 Gb Paging File | 1,68 Gb Available in Paging File | 65,85% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 24,14 Gb Total Space | 1,61 Gb Free Space | 6,68% Space Free | Partition Type: NTFS
Drive D: | 13,13 Gb Total Space | 8,64 Gb Free Space | 65,79% Space Free | Partition Type: NTFS
Computer Name: SCHL-AE9C6D3F42 | User Name: Urfin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - D:\Meine Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
PRC - C:\Programme\FRITZ!DSL\igdctrl.exe (AVM Berlin)
PRC - C:\Programme\AGFEO\Tk-Suite-Basic\tkserver\tksock.exe (AGFEO)
PRC - C:\Programme\AGFEO\Tk-Suite-Basic\tkserver\tkmedia.exe (AGFEO)
PRC - C:\Programme\AGFEO\Tk-Suite-Basic\tools\ctimon.exe (AGFEO)
PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Programme\Logitech\iTouch\iTouch.exe (Logitech Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\AGFEO\Tk-Suite-Basic\tkserver\tkmedia_capi.dll ()
MOD - C:\Programme\AGFEO\Tk-Suite-Basic\tkserver\tkmedia_lib.dll ()
MOD - C:\Programme\AGFEO\Tk-Suite-Basic\tkserver\tkmedia_serial.dll ()
MOD - C:\Programme\AGFEO\Tk-Suite-Basic\tools\styles\qwindowsxpstyle.dll ()
MOD - C:\Programme\AGFEO\Tk-Suite-Basic\tools\qt-mt334.dll ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()
MOD - C:\WINDOWS\system32\AvmSnd.dll ()
========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (wlidsvc) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\igdctrl.exe (AVM Berlin)
SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (smwdm) -- system32\drivers\smwdm.sys File not found
DRV - (senfilt) -- system32\drivers\senfilt.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (NETFRITZ) -- system32\DRIVERS\NETFRITZ.SYS File not found
DRV - (MidiSyn) -- system32\drivers\MidiSyn.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (AsrCDDrv) -- C:\WINDOWS\system32\Drivers\AsrCDDrv.sys File not found
DRV - (ALSysIO) -- C:\DOKUME~1\RDIGER~3\LOKALE~1\Temp\ALSysIO.sys File not found
DRV - (aeaudio) -- system32\drivers\aeaudio.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (fpcibase) -- C:\WINDOWS\system32\drivers\fpcibase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\WINDOWS\system32\drivers\avmcowan.sys (AVM GmbH)
DRV - (AVMPORT) -- C:\WINDOWS\system32\drivers\avmport.sys (AVM Berlin)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSGbeXP) -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys (Silicon Integrated Systems Corp.)
DRV - (tap0801) -- C:\WINDOWS\system32\drivers\tap0801.sys (The OpenVPN Project)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech, Inc.)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.)
DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCcfltr.sys (Logitech, Inc.)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH)
DRV - (Asushwio) -- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-606747145-1580436667-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.otto-doerfel.de/
IE - HKU\S-1-5-21-606747145-1580436667-725345543-1004\..\SearchScopes,DefaultScope = {210073B5-670D-4abe-A7CB-83EDBC77BF35}
IE - HKU\S-1-5-21-606747145-1580436667-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-606747145-1580436667-725345543-1004\..\SearchScopes\{210073B5-670D-4ABE-A7CB-83EDBC77BF35}: "URL" = hxxp://search.orbitdownloader.com/ie.php?q={searchTerms}&enc={inputEncoding}
IE - HKU\S-1-5-21-606747145-1580436667-725345543-1004\..\SearchScopes\{32484F1F-EFAA-418D-9DDC-B803F7CBE107}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-606747145-1580436667-725345543-1004\..\SearchScopes\{E79F798F-DBC8-4F82-B79D-A5DE34837697}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKU\S-1-5-21-606747145-1580436667-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: add-to-searchbox%40maltekraus.de:2.0
FF - prefs.js..extensions.enabledAddons: PageRank%40addonfactory.in:2.0
FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B1dbc4a33-ea62-4330-966c-7bdad3455322%7D:1.0.6.10
FF - prefs.js..extensions.enabledAddons: %7B2e84684e-01d1-4e3e-d672-6a833d883155%7D:0.6.2.2
FF - prefs.js..extensions.enabledAddons: %7B38fc2fbc-9500-46e7-8bc5-b128acd9e143%7D:1.5.1
FF - prefs.js..extensions.enabledAddons: %7B6AC85730-7D0F-4de0-B3FA-21142DD85326%7D:2.8
FF - prefs.js..extensions.enabledAddons: %7Bc151d79e-e61b-4a90-a887-5a46d38fba99%7D:2.8
FF - prefs.js..extensions.enabledAddons: %7Bc7de7360-73a2-4f3a-84f7-23ddd5ef54bb%7D:1.0.2
FF - prefs.js..extensions.enabledAddons: %7Bcca23f23-a2f2-4566-bebd-2699cc7f24b8%7D:3.6.4
FF - prefs.js..extensions.enabledAddons: %7Bcd617375-6743-4ee8-bac4-fbf10f35729e%7D:2.9.4
FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:17.0.0
FF - prefs.js..extensions.enabledAddons: %7B53A03D43-5363-4669-8190-99061B2DEBA5%7D:1.5.6
FF - prefs.js..extensions.enabledAddons: remember-passwords%40stanimir-stamenkov.addons.mozilla.org:1.1
FF - prefs.js..extensions.enabledAddons: helper%40savefrom.net:1.79
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7Bfa8476cf-a98c-4e08-99b4-65a69cb4b7d4%7D:1.5.0.4
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: omiazad@msn.com:1.0.5
FF - prefs.js..extensions.enabledItems: tinyurl.addon@fast-chat.co.uk:2.0.0
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {1a86d137-bac3-487e-ba3a-19e01695031b}:0.2.0.5
FF - prefs.js..extensions.enabledItems: {1dbc4a33-ea62-4330-966c-7bdad3455322}:1.0.6.7
FF - prefs.js..extensions.enabledItems: {2e61e246-e640-4c56-b1ed-f146dbed48cd}:1.2.1
FF - prefs.js..extensions.enabledItems: {2e84684e-01d1-4e3e-d672-6a833d883155}:0.5.6.3
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {38fc2fbc-9500-46e7-8bc5-b128acd9e143}:1.4.5
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.2
FF - prefs.js..extensions.enabledItems: {61FD08D8-A2CB-46c0-B36D-3F531AC53C12}:1.3.2009110201
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: {ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}:1.6.0
FF - prefs.js..extensions.enabledItems: {c151d79e-e61b-4a90-a887-5a46d38fba99}:2.6.1
FF - prefs.js..extensions.enabledItems: {cca23f23-a2f2-4566-bebd-2699cc7f24b8}:3.6.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {DA3A89AB-2DCA-4a29-8FEA-3C9E79BBF113}:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}:1.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: silvermel@pardal.de:1.3.6
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.15 11:14:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.05.22 09:51:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.05.22 09:50:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2013.05.15 09:15:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.15 11:14:06 | 000,000,000 | ---D | M]
[2010.03.02 17:05:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Extensions
[2010.03.02 17:05:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.06.17 13:10:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions
[2013.06.17 13:10:11 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2008.04.04 14:53:17 | 000,000,000 | ---D | M] (Flagfox [de]) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(2)
[2012.11.30 09:05:04 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011.03.30 21:06:55 | 000,000,000 | ---D | M] (Remove It Permanently) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322}
[2010.03.27 20:28:07 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}(2)
[2012.08.08 17:47:02 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2008.04.04 14:53:18 | 000,000,000 | ---D | M] (MR Tech Link Wrapper [de]) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\{AE7FD9A4-892A-4DE0-B635-4C58D0B0E09F}(2)
[2013.05.29 09:11:42 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.04.18 14:37:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2012.10.15 07:11:38 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.04.15 08:16:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\lo4j3r4v.Testprofil\extensions
[2012.07.10 18:19:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\yloenhgo.unveränderter Firefox\extensions
[2012.09.25 16:11:20 | 000,025,781 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\add-to-searchbox@maltekraus.de.xpi
[2012.10.19 09:20:13 | 000,003,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\expire-history-by-days@bonardo.net.xpi
[2013.05.10 11:45:13 | 000,101,681 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\helper@savefrom.net.xpi
[2012.09.14 14:20:26 | 000,025,208 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\PageRank@addonfactory.in.xpi
[2013.04.18 08:12:40 | 000,015,177 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\remember-passwords@stanimir-stamenkov.addons.mozilla.org.xpi
[2012.08.08 17:47:02 | 000,217,069 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\spam@trashmail.net.xpi
[2011.12.12 09:33:52 | 000,024,723 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\{2e84684e-01d1-4e3e-d672-6a833d883155}.xpi
[2012.01.14 17:14:45 | 000,008,503 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\{38fc2fbc-9500-46e7-8bc5-b128acd9e143}.xpi
[2012.12.29 14:25:48 | 000,399,507 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi
[2012.12.29 14:20:03 | 000,049,203 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\{61FD08D8-A2CB-46c0-B36D-3F531AC53C12}.xpi
[2012.12.26 12:03:57 | 000,030,502 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2013.03.28 10:43:30 | 000,013,394 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\{ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}.xpi
[2012.07.13 13:28:11 | 000,111,899 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi
[2012.10.29 08:50:58 | 000,007,873 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\{c7de7360-73a2-4f3a-84f7-23ddd5ef54bb}.xpi
[2011.10.13 09:53:11 | 000,010,634 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\{cca23f23-a2f2-4566-bebd-2699cc7f24b8}.xpi
[2012.11.27 11:37:27 | 000,065,551 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi
[2013.05.09 08:50:48 | 000,870,680 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.24 08:43:58 | 000,269,448 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.06.15 18:47:21 | 000,048,921 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi
[2009.05.23 15:40:11 | 000,001,904 | ---- | M] () -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\searchplugins\bibleservercom-lut.xml
[2011.01.06 19:01:36 | 000,001,820 | ---- | M] () -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\searchplugins\bing.xml
[2009.05.12 08:11:00 | 000,001,963 | ---- | M] () -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\searchplugins\de-en-beolingus.xml
[2012.09.25 16:15:46 | 000,001,090 | ---- | M] () -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\searchplugins\duden-online.xml
[2007.11.11 15:02:08 | 000,001,734 | ---- | M] () -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\searchplugins\idealode.xml
[2009.03.23 11:45:05 | 000,002,057 | ---- | M] () -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Mozilla\Firefox\Profiles\d8eq6hy9.default\searchplugins\youtube-videosuche.xml
[2013.05.22 09:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.22 09:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.22 09:51:40 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\D8EQ6HY9.DEFAULT\EXTENSIONS\{1018E4D6-728F-4B20-AD56-37578A4DE76B}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\D8EQ6HY9.DEFAULT\EXTENSIONS\{195A3098-0BD5-4E90-AE22-BA1C540AFD1E}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\D8EQ6HY9.DEFAULT\EXTENSIONS\{1DBC4A33-EA62-4330-966C-7BDAD3455322}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\D8EQ6HY9.DEFAULT\EXTENSIONS\{2E84684E-01D1-4E3E-D672-6A833D883155}.XPI
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\D8EQ6HY9.DEFAULT\EXTENSIONS\{38FC2FBC-9500-46E7-8BC5-B128ACD9E143}.XPI
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\D8EQ6HY9.DEFAULT\EXTENSIONS\{53A03D43-5363-4669-8190-99061B2DEBA5}.XPI
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\D8EQ6HY9.DEFAULT\EXTENSIONS\{6AC85730-7D0F-4DE0-B3FA-21142DD85326}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\D8EQ6HY9.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\D8EQ6HY9.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\D8EQ6HY9.DEFAULT\EXTENSIONS\{C151D79E-E61B-4A90-A887-5A46D38FBA99}.XPI
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\D8EQ6HY9.DEFAULT\EXTENSIONS\{C7DE7360-73A2-4F3A-84F7-23DDD5EF54BB}.XPI
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\D8EQ6HY9.DEFAULT\EXTENSIONS\{CCA23F23-A2F2-4566-BEBD-2699CC7F24B8}.XPI
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\D8EQ6HY9.DEFAULT\EXTENSIONS\{CD617375-6743-4EE8-BAC4-FBF10F35729E}.XPI
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\D8EQ6HY9.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\D8EQ6HY9.DEFAULT\EXTENSIONS\{FA8476CF-A98C-4E08-99B4-65A69CB4B7D4}.XPI
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\D8EQ6HY9.DEFAULT\EXTENSIONS\ADD-TO-SEARCHBOX@MALTEKRAUS.DE.XPI
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\D8EQ6HY9.DEFAULT\EXTENSIONS\HELPER@SAVEFROM.NET.XPI
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\D8EQ6HY9.DEFAULT\EXTENSIONS\PAGERANK@ADDONFACTORY.IN.XPI
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\D8EQ6HY9.DEFAULT\EXTENSIONS\REMEMBER-PASSWORDS@STANIMIR-STAMENKOV.ADDONS.MOZILLA.ORG.XPI
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\D8EQ6HY9.DEFAULT\EXTENSIONS\SPAM@TRASHMAIL.NET.XPI
[2007.04.23 12:48:00 | 000,007,168 | ---- | M] (Panda Software International) -- C:\Programme\mozilla firefox\plugins\libcomm.dll
[2007.05.17 12:01:00 | 000,035,008 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\NanoInst.dll
[2004.08.04 00:57:02 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\npdrmv2.dll
[2005.11.29 17:27:06 | 000,364,544 | ---- | M] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\Programme\mozilla firefox\plugins\npdsplay.dll
[2007.05.16 09:27:00 | 000,098,304 | ---- | M] (Panda Software International) -- C:\Programme\mozilla firefox\plugins\npnanoinstaller.dll
[2007.05.17 12:01:00 | 000,098,304 | ---- | M] (Panda Software International) -- C:\Programme\mozilla firefox\plugins\npnanoscanner.dll
[2004.08.04 00:56:46 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\npwmsdrm.dll
[2007.05.03 12:33:00 | 000,053,248 | ---- | M] (TODO: <Nombre de la compañía>) -- C:\Programme\mozilla firefox\plugins\PSComm.dll
[2007.05.17 12:01:00 | 000,130,152 | ---- | M] (Panda Software) -- C:\Programme\mozilla firefox\plugins\PSNAdBrk.dll
O1 HOSTS File: ([2010.11.04 09:10:29 | 000,000,000 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-606747145-1580436667-725345543-1004\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [EvtMgr6] C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-606747145-1580436667-725345543-1004..\Run: [Geusekapy] "C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Desofu\pumyf.exe" File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe (AVM Berlin)
O4 - Startup: C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\TK-Suite Client.lnk = C:\Programme\AGFEO\Tk-Suite-Basic\tools\ctimon.exe (AGFEO)
O4 - Startup: C:\Dokumente und Einstellungen\Urfin\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O4 - Startup: C:\Dokumente und Einstellungen\Urfin\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Rüdige = Reg Error: Value error. File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-1580436667-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 9D 00 00 00 [binary data]
O7 - HKU\S-1-5-21-606747145-1580436667-725345543-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O15 - HKU\S-1-5-21-606747145-1580436667-725345543-1004\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-606747145-1580436667-725345543-1004\..Trusted Ranges: Range78 ([*] in Lokales Intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188071947015 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33E1282E-E25D-4E72-897A-07A8D74305BC}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B28F784A-9BF3-4983-8E9E-5AA8EAE6C6CD}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Urfin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Urfin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.12.05 10:28:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0bd68e54-564e-11dd-889b-001bb9a2a245}\Shell - "" = AutoRun
O33 - MountPoints2\{0bd68e54-564e-11dd-889b-001bb9a2a245}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0bd68e54-564e-11dd-889b-001bb9a2a245}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL DVR/AutoRun.exe start.exe
O33 - MountPoints2\{fe1b00e5-c54c-11de-8d6c-001bb9af12f9}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.06.17 15:46:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Urfin\Desktop\Rechnung
[2013.06.17 15:28:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Local Settings
[2013.05.22 09:50:00 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2002.03.11 11:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsiw.exe
[2002.03.11 10:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsia.exe
[1997.04.27 23:22:38 | 001,108,016 | R--- | C] (Microsoft Corporation) -- C:\Programme\msgifani.exe
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.06.17 22:06:43 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Urfin\defogger_reenable
[2013.06.17 21:44:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.06.17 21:28:51 | 000,003,086 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013.06.17 21:11:54 | 000,000,065 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2013.06.17 21:11:30 | 000,000,604 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2013.06.17 21:10:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.06.17 16:01:53 | 000,001,536 | ---- | M] () -- C:\WINDOWS\MKDEWE.TRN
[2013.06.17 15:45:48 | 000,063,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Urfin\Desktop\Rechnung.zip
[2013.06.17 14:33:00 | 000,000,572 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2013.06.17 06:48:13 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.06.14 18:17:28 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.06.14 18:17:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.06.13 20:53:07 | 000,071,335 | ---- | M] () -- C:\Dokumente und Einstellungen\Urfin\Desktop\Bestellnummer 2016111.pdf
[2013.06.13 08:17:48 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit.INI
[2013.06.12 13:50:21 | 009,089,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013.06.12 07:12:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.06.10 17:40:11 | 000,161,352 | ---- | M] () -- C:\Dokumente und Einstellungen\Urfin\Desktop\Ihr Kundenkonto - momox.de.png
[2013.06.07 11:31:39 | 000,176,325 | ---- | M] () -- C:\Dokumente und Einstellungen\Urfin\Desktop\paypal500a.jpg
[2013.06.07 11:27:44 | 000,133,802 | ---- | M] () -- C:\Dokumente und Einstellungen\Urfin\Desktop\paypal500a.png
[2013.06.07 11:25:30 | 000,152,557 | ---- | M] () -- C:\Dokumente und Einstellungen\Urfin\Desktop\paypal500.png
[2013.06.05 14:45:16 | 000,383,208 | ---- | M] () -- C:\Dokumente und Einstellungen\Urfin\Desktop\fraeser_01.jpg
[2013.06.05 14:44:59 | 000,389,366 | ---- | M] () -- C:\Dokumente und Einstellungen\Urfin\Desktop\fraeser_02.jpg
[2013.05.28 18:33:11 | 000,070,753 | ---- | M] () -- C:\Dokumente und Einstellungen\Urfin\Desktop\Bestellnummer 504705.pdf
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.06.17 22:06:43 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Urfin\defogger_reenable
[2013.06.17 15:45:48 | 000,063,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Urfin\Desktop\Rechnung.zip
[2013.06.13 20:53:07 | 000,071,335 | ---- | C] () -- C:\Dokumente und Einstellungen\Urfin\Desktop\Bestellnummer 2016111.pdf
[2013.06.10 17:40:11 | 000,161,352 | ---- | C] () -- C:\Dokumente und Einstellungen\Urfin\Desktop\Ihr Kundenkonto - momox.de.png
[2013.06.07 11:29:06 | 000,176,325 | ---- | C] () -- C:\Dokumente und Einstellungen\Urfin\Desktop\paypal500a.jpg
[2013.06.07 11:27:44 | 000,133,802 | ---- | C] () -- C:\Dokumente und Einstellungen\Urfin\Desktop\paypal500a.png
[2013.06.07 11:25:30 | 000,152,557 | ---- | C] () -- C:\Dokumente und Einstellungen\Urfin\Desktop\paypal500.png
[2013.06.05 14:45:16 | 000,383,208 | ---- | C] () -- C:\Dokumente und Einstellungen\Urfin\Desktop\fraeser_01.jpg
[2013.06.05 14:44:57 | 000,389,366 | ---- | C] () -- C:\Dokumente und Einstellungen\Urfin\Desktop\fraeser_02.jpg
[2013.05.28 18:33:10 | 000,070,753 | ---- | C] () -- C:\Dokumente und Einstellungen\Urfin\Desktop\Bestellnummer 504705.pdf
[2012.07.09 10:15:59 | 000,015,428 | ---- | C] () -- C:\Dokumente und Einstellungen\Urfin\RefEdit.exd
[2012.06.15 11:07:04 | 000,256,623 | ---- | C] () -- C:\WINDOWS\hpwins24.dat
[2012.06.15 11:07:04 | 000,001,758 | ---- | C] () -- C:\WINDOWS\hpwmdl24.dat
[2012.02.16 08:09:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.10.19 14:55:36 | 001,079,188 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011.10.19 14:55:36 | 001,079,188 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011.10.19 14:55:36 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011.10.19 14:53:30 | 002,287,232 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011.10.19 14:35:02 | 000,012,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\TBPanel.sys
[2011.10.19 12:16:28 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010.11.03 08:36:36 | 009,175,040 | ---- | C] () -- C:\Dokumente und Einstellungen\Urfin\ntuser.bak
[2010.09.19 12:41:12 | 000,001,132 | ---- | C] () -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\mdbu.bin
[2010.08.08 14:09:10 | 000,002,758 | ---- | C] () -- C:\Programme\Deutsch.lng
[2010.08.08 14:08:52 | 000,002,553 | ---- | C] () -- C:\Programme\Suomi.lng
[2010.08.08 14:08:40 | 000,003,027 | ---- | C] () -- C:\Programme\Français.lng
[2010.08.08 14:08:20 | 000,002,920 | ---- | C] () -- C:\Programme\Italiano.lng
[2010.08.08 14:08:04 | 000,002,946 | ---- | C] () -- C:\Programme\Español.lng
[2010.08.08 14:07:50 | 000,003,127 | ---- | C] () -- C:\Programme\Nederlands.lng
[2009.04.24 17:02:14 | 000,451,928 | ---- | C] () -- C:\Programme\setup.exe
[2009.04.24 17:01:52 | 140,387,071 | ---- | C] () -- C:\Programme\openofficeorg1.cab
[2009.04.24 17:01:34 | 009,819,136 | ---- | C] () -- C:\Programme\openofficeorg31.msi
[2009.04.23 18:29:54 | 000,000,336 | ---- | C] () -- C:\Programme\setup.ini
[2008.10.04 18:15:26 | 000,002,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Urfin\secedit.INTEG.RAW
[2008.09.30 17:48:38 | 009,776,640 | ---- | C] () -- C:\Programme\openofficeorg30.msi
[2008.09.30 09:59:25 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Urfin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.09.11 20:25:03 | 000,473,478 | ---- | C] () -- C:\Dokumente und Einstellungen\Urfin\jap.conf
[2008.05.29 22:56:14 | 000,037,375 | ---- | C] () -- C:\Programme\openoffice.org-xsltfilter.cab
[2008.05.29 22:56:13 | 002,678,080 | ---- | C] () -- C:\Programme\openoffice.org-writer.cab
[2008.05.29 22:56:04 | 000,207,388 | ---- | C] () -- C:\Programme\openoffice.org-testtool.cab
[2008.05.29 22:56:02 | 002,504,975 | ---- | C] () -- C:\Programme\openoffice.org-pyuno.cab
[2008.05.29 22:55:44 | 000,052,152 | ---- | C] () -- C:\Programme\openoffice.org-onlineupdate.cab
[2008.05.29 22:55:43 | 001,209,478 | ---- | C] () -- C:\Programme\openoffice.org-math.cab
[2008.05.29 22:55:39 | 000,118,910 | ---- | C] () -- C:\Programme\openoffice.org-javafilter.cab
[2008.05.29 22:55:38 | 001,395,007 | ---- | C] () -- C:\Programme\openoffice.org-impress.cab
[2008.05.29 22:55:32 | 000,086,870 | ---- | C] () -- C:\Programme\openoffice.org-graphicfilter.cab
[2008.05.29 22:55:31 | 001,046,365 | ---- | C] () -- C:\Programme\openoffice.org-draw.cab
[2008.05.29 22:55:31 | 000,002,769 | ---- | C] () -- C:\Programme\openoffice.org-emailmerge.cab
[2008.05.29 22:55:26 | 002,031,954 | ---- | C] () -- C:\Programme\openoffice.org-core09.cab
[2008.05.29 22:55:19 | 000,305,784 | ---- | C] () -- C:\Programme\openoffice.org-core08.cab
[2008.05.29 22:55:13 | 004,249,333 | ---- | C] () -- C:\Programme\openoffice.org-core07.cab
[2008.05.29 22:55:02 | 028,871,584 | ---- | C] () -- C:\Programme\openoffice.org-core06.cab
[2008.05.29 22:51:04 | 018,634,513 | ---- | C] () -- C:\Programme\openoffice.org-core05.cab
[2008.05.29 22:50:07 | 016,503,595 | ---- | C] () -- C:\Programme\openoffice.org-core04.cab
[2008.05.29 22:49:16 | 009,117,929 | ---- | C] () -- C:\Programme\openoffice.org-core03.cab
[2008.05.29 22:48:55 | 003,861,568 | ---- | C] () -- C:\Programme\openoffice.org-core02.cab
[2008.05.29 22:48:42 | 015,099,632 | ---- | C] () -- C:\Programme\openoffice.org-core01.cab
[2008.05.29 22:48:11 | 004,871,833 | ---- | C] () -- C:\Programme\openoffice.org-calc.cab
[2008.05.29 22:47:53 | 001,912,368 | ---- | C] () -- C:\Programme\openoffice.org-base.cab
[2008.05.29 22:47:46 | 000,043,005 | ---- | C] () -- C:\Programme\openoffice.org-activex.cab
[2008.05.29 22:47:43 | 004,376,576 | ---- | C] () -- C:\Programme\openofficeorg24.msi
[2007.09.10 21:43:32 | 003,393,576 | ---- | C] () -- C:\Programme\openofficeorg4.cab
[2007.09.10 21:43:08 | 067,385,271 | ---- | C] () -- C:\Programme\openofficeorg3.cab
[2007.09.10 21:35:48 | 017,643,012 | ---- | C] () -- C:\Programme\openofficeorg2.cab
[2007.09.10 21:32:55 | 004,366,848 | ---- | C] () -- C:\Programme\openofficeorg23.msi
[2007.08.28 13:11:27 | 000,052,224 | ---- | C] () -- C:\Dokumente und Einstellungen\Urfin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.25 23:36:41 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\addr_file.html
[2006.02.01 19:58:50 | 002,455,873 | ---- | C] () -- C:\Programme\SETUP.DAT

========== ZeroAccess Check ==========

[2008.10.01 09:15:00 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2007.04.21 13:08:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
[2006.01.30 14:48:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2010.09.14 09:09:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Aldi Nord Fotoservice
[2012.05.05 12:33:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\CanonBJ
[2013.05.03 07:29:51 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\CanonIJEGV
[2012.05.05 12:33:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\CanonIJWSpt
[2012.10.23 09:38:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\FreePDF
[2011.10.20 22:27:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\ISDNWatch
[2011.12.22 19:11:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\mediDOK
[2012.11.29 19:54:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\TEMP
[2007.08.27 21:57:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Ulead Systems
[2010.09.20 09:04:01 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2004.05.28 17:54:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\FRITZ!
[2009.04.29 10:12:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService.NT-AUTORITÄT\Anwendungsdaten\FRITZ!
[2012.05.05 12:38:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Canon
[2010.01.04 09:45:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\CD-LabelPrint
[2012.11.06 16:08:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Dropbox
[2007.10.22 19:26:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\EPSON
[2009.10.19 17:49:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\FreeCAD
[2012.10.23 09:38:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\FreePDF
[2013.06.15 19:28:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\FRITZ!
[2007.12.11 11:46:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\FUJIFILM
[2012.07.09 08:14:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Garmin
[2009.01.15 12:31:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\GrabPro
[2009.08.24 17:09:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\JonDo
[2010.04.13 08:35:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\KeePass
[2008.12.08 19:09:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\KompoZer
[2011.10.22 14:53:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Leadertech
[2007.09.05 22:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Nvu
[2008.12.30 18:40:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\OpenOffice.org
[2009.05.11 08:50:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\OpenWith.org Cache
[2007.08.25 23:13:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Opera
[2012.07.24 17:34:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Oracle
[2010.03.02 17:05:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Thunderbird
[2007.08.27 21:57:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Ulead Systems
[2009.03.23 10:00:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Windows Search
[2009.09.11 17:18:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Urfin\Anwendungsdaten\Xilisoft

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\dllhost.exe:SummaryInformation
@Alternate Data Stream - 105 bytes -> C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\TEMP:5C321E34
< End of report >