
Pests of all kinds and how to combat them: Firefox automatically launches http://ad.adserverplus.com/ with an empty window


10.11.2012, 16:03   #1
masin
 



Hello everyone, hoping that as a newcomer I have not overlooked some rule, I would like to describe my problem:
For a few days now, Firefox has been opening the much-cited window hxxp://ad.adserverplus.com/ at points that are hard to reproduce. The window is empty, however; a peculiarity that I did not notice in this form in the other posts.
Today I came across your (very clearly and understandably structured) website and worked through the following:

1. Ran Malwarebytes ==> everything clean
2. Ran Defogger ==> within a fraction of a second the message "Finished" appeared, so evidently everything is OK here too.
3. Ran OTL ==> the two logs follow below.

Since I have Windows 7 (64-bit), I have not done anything further; I am pasting in the two files and waiting for your response.

Many thanks in advance!

Masin

OTL.txt:

OTL logfile created on: 10.11.2012 16:16:56 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Downloads\firefox\Trojaner-Board
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,96 Gb Total Physical Memory | 3,80 Gb Available Physical Memory | 63,75% Memory free
11,92 Gb Paging File | 9,36 Gb Available in Paging File | 78,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 205,97 Gb Total Space | 127,29 Gb Free Space | 61,80% Space Free | Partition Type: NTFS
Drive D: | 425,58 Gb Total Space | 261,32 Gb Free Space | 61,40% Space Free | Partition Type: NTFS
Drive E: | 554,98 Gb Total Space | 382,46 Gb Free Space | 68,91% Space Free | Partition Type: NTFS
Drive I: | 662,53 Gb Total Space | 368,80 Gb Free Space | 55,67% Space Free | Partition Type: NTFS

Computer Name: HDS-NEU | User Name: Hans-Dieter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\Downloads\firefox\Trojaner-Board\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - E:\Downloads\windows\Desktop\dsksve8\DeskSave.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe ()
PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
PRC - C:\Program Files (x86)\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG)
PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files (x86)\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - E:\Downloads\windows\Desktop\dsksve8\DeskSave.exe ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll ()
MOD - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGUI4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe (G Data Software AG)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (syncagentsrv) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKService) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (OS Selector) -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis)
DRV:64bit: - (vidsflt67) -- C:\Windows\SysNative\drivers\vsflt67.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\drivers\fltsrv.sys (Acronis)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (NBVol) -- C:\Windows\SysNative\drivers\NBVol.sys (Nero AG)
DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\drivers\NBVolUp.sys (Nero AG)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (FPCIBASE) -- C:\Windows\SysNative\drivers\fpcibase.sys (AVM Berlin)
DRV:64bit: - (AVMCOWAN) -- C:\Windows\SysNative\drivers\avmcowan.sys (AVM GmbH)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (Null) -- C:\Windows\SysWow64\NULL ()
DRV - (PCDSRVC{1E208CE0-FB7451FF-06020200}_0) -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D1 E6 22 1C E7 BC CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d}:1.5.1.1
FF - prefs.js..extensions.enabledAddons: fb_add_on@avm.de:1.6.3
FF - prefs.js..extensions.enabledAddons: {BCC877E7-7F3F-4632-8338-DAEE4475DE35}:0.20
FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.2
FF - prefs.js..extensions.enabledAddons: maps@ovi.com:5.10.3.0
FF - prefs.js..extensions.enabledAddons: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11215.1124
FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=7878efc5-99c2-42ac-b1f9-c47325604a69&searchtype=ds&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.30 17:57:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.07 10:43:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\mail@shopping-preise.de [2012.11.06 14:18:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\firejump@firejump.net [2012.11.06 14:18:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\extension@preispilot.com
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.30 17:57:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.10.11 13:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Extensions
[2012.10.11 13:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.11.07 17:04:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions
[2012.10.08 17:38:41 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012.09.25 17:42:52 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012.09.25 17:42:51 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com
[2012.09.25 17:42:51 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\fb_add_on@avm.de
[2012.11.06 14:18:32 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\firejump@firejump.net
[2012.11.06 14:18:32 | 000,000,000 | ---D | M] (Shopping-preise.de) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\mail@shopping-preise.de
[2012.10.18 14:35:29 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\maps@ovi.com
[2012.11.07 17:04:18 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\extension@preispilot.com.xpi
[2012.09.25 18:46:06 | 000,009,282 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\{BCC877E7-7F3F-4632-8338-DAEE4475DE35}.xpi
[2012.07.26 07:33:30 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.30 16:28:53 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591 b_expire
[2012.09.02 16:51:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\170f337942c410233f577de5778810a 6_expire
[2012.09.09 07:48:52 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1bcf5a8f2429c4942ad539ef2c5df33 6_expire
[2012.11.10 15:04:43 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d07965 8_expire
[2012.11.10 15:04:45 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a0983927 5_expire
[2012.08.12 13:25:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2e74403c227112bec523796d5a77d77 e_expire
[2012.08.20 15:20:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b507b6d0186efd3615b9b9233c5f70 8_expire
[2012.11.10 16:05:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e 9_expire
[2012.08.23 12:06:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3d0187861633ce04b8c224f2475a283 7_expire
[2012.08.29 13:10:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4ad053d40dfa5cab7948e9251df6e3d 9_expire
[2012.11.06 17:05:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41 f_expire
[2012.10.21 12:48:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5f4ce27504a73ff97d1936c597c769e 5_expire
[2012.09.04 19:07:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\61e2ae11ba3d1cbe8887ea80f192e29 9_expire
[2012.11.10 16:09:55 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528c d_expire
[2012.09.05 06:43:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ccfda3ab1ab5bbc5d7af38840ba022 b_expire
[2012.11.10 16:05:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db 7_expire
[2012.08.20 07:06:52 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\9803c283e94e743374151c4bbe60a5d f_expire
[2012.11.10 16:05:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a 6_expire
[2012.11.10 15:04:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14d c_expire
[2012.09.20 13:18:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a74277a9a3c0203a3093f810f43fbc1 1_expire
[2012.08.27 14:03:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\b5bc7084382de95cb69790e5d10db33 8_expire
[2012.11.10 15:04:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba388057 9_expire
[2012.10.31 16:32:39 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c6d8337e4b016a68fdbb60b29e7d254 d_expire
[2012.08.20 07:06:52 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52 b_expire
[2012.08.13 09:31:54 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d2458fd784f4eb7cff549c598cd1465 1_expire
[2012.08.26 14:33:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d83bb387de1d7c4401815e133de06c6b_expire
[2012.08.28 10:26:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire
[2012.10.31 16:32:39 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\df4525cd4117d8ae1c7453b139759242_expire
[2012.09.20 13:18:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e02b35320e5111f1b626466c13c70a0a_expire
[2012.08.25 15:29:22 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e7215b147326809c45f6cf0952274624_expire
[2012.11.10 15:04:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e72174145ae7671ff95578a2089c26b2_expire
[2012.11.10 15:04:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
[2012.11.10 15:04:45 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire
[2012.10.21 12:48:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece71b71690fad200cbed95871ef4bb2_expire
[2012.11.10 15:04:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire
[2012.11.06 17:05:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
[2012.11.06 17:05:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
[2012.07.25 07:44:14 | 000,000,003 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\maps@ovi.com\plugins\package.XPI
[2012.09.23 00:45:10 | 000,002,401 | ---- | M] () -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\searchplugins\Web Search.xml
[2012.08.27 10:13:16 | 000,001,348 | ---- | M] () -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\searchplugins\wikipdia-fr.xml
[2012.10.31 09:39:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.10.30 17:57:12 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2012.10.30 17:57:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.30 17:57:17 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Hans-Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Hans-Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Hans-Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun File not found
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [dradio-RecorderTimer] C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe ()
O4 - HKCU..\Run: [Microsoft Location Finder] C:\Program Files (x86)\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} hxxp://bmontessori12.dyndns.org:1119/VatDec.cab (VatCtrl Class)
O16 - DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} hxxp://bmontessori12.dyndns.org:1120/RtspVaPgDec.cab (RtspVaPgCtrlNew Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C8BD92B-6F2C-4827-852A-084480244670}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.11.10 15:28:29 | 000,000,000 | ---D | M] - E:\Autos -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.10 09:34:16 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\Malwarebytes
[2012.11.10 09:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.10 09:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.10 09:34:03 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.10 09:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.09 09:07:40 | 004,918,219 | ---- | C] (Phil Harvey) -- C:\Windows\exiftool.exe
[2012.11.06 14:29:30 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\eXPert PDF Editor
[2012.11.06 14:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visage
[2012.11.06 14:28:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Visagesoft
[2012.11.06 14:18:58 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\CAD-KAS
[2012.11.06 14:18:51 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Editor 3.3
[2012.11.06 14:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Editor 3.3
[2012.11.06 14:18:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Editor 3
[2012.11.06 14:18:32 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll
[2012.11.06 14:18:32 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\DesktopIconForAmazon
[2012.10.31 12:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.10.31 10:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.10.31 10:05:41 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2012.10.31 10:05:41 | 000,100,864 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.10.31 10:05:40 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL
[2012.10.31 10:05:40 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL
[2012.10.31 10:05:40 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2012.10.31 10:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.10.31 10:05:02 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Local\Programs
[2012.10.30 17:57:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.21 13:53:27 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\PC-FAX TX
[2012.10.18 16:16:36 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Local\Apple Computer
[2012.10.18 16:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.10.18 16:16:26 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012.10.18 16:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.10.18 16:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.10.18 16:15:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.10.18 16:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.10.18 16:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.10.18 16:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.10.18 16:14:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.10.17 10:04:09 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Local\kiwi.software.NET
[2012.10.17 10:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\kiwi.software.NET
[2012.10.17 10:03:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kiwi.software.NET
[2012.10.14 14:43:49 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\TeamViewer

========== Files - Modified Within 30 Days ==========

[2012.11.10 16:11:09 | 000,000,000 | ---- | M] () -- C:\Users\Hans-Dieter\defogger_reenable
[2012.11.10 16:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.10 15:29:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.10 13:45:50 | 000,864,265 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.11.10 13:45:50 | 000,046,106 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.11.10 13:29:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.10 09:34:04 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.10 07:49:03 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.10 07:49:03 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.10 07:41:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.10 07:41:35 | 504,717,311 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.09 08:50:34 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.09 08:50:34 | 000,655,802 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.09 08:50:34 | 000,616,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.09 08:50:34 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.09 08:50:34 | 000,106,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.08 18:30:55 | 000,002,374 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.11.08 18:24:21 | 004,918,219 | ---- | M] (Phil Harvey) -- C:\Windows\exiftool.exe
[2012.11.08 12:49:35 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.11.08 12:49:35 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.11.06 14:28:25 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\eXPert PDF Editor.lnk
[2012.11.06 14:18:51 | 000,087,704 | ---- | M] () -- C:\Windows\cadkasdeinst01.exe
[2012.11.06 14:18:51 | 000,000,990 | ---- | M] () -- C:\Users\Hans-Dieter\Desktop\PDF Editor 3.3.lnk
[2012.11.06 14:18:32 | 000,001,478 | ---- | M] () -- C:\Users\Hans-Dieter\Desktop\Amazon.lnk
[2012.11.05 14:54:44 | 000,011,264 | ---- | M] () -- C:\Users\Hans-Dieter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.04 19:32:24 | 000,000,262 | ---- | M] () -- C:\Users\Hans-Dieter\Desktop\Run.lnk
[2012.10.31 12:42:13 | 000,427,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.31 10:05:45 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.10.31 10:05:45 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.10.21 13:54:13 | 000,000,414 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2012.10.21 13:54:13 | 000,000,000 | ---- | M] () -- C:\Windows\brdfxspd.dat
[2012.10.21 13:53:27 | 000,000,166 | ---- | M] () -- C:\Windows\brpcfx.ini
[2012.10.18 16:16:30 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.10.12 07:34:54 | 000,100,864 | ---- | M] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll

========== Files Created - No Company Name ==========

[2012.11.10 16:11:09 | 000,000,000 | ---- | C] () -- C:\Users\Hans-Dieter\defogger_reenable
[2012.11.10 09:34:04 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.06 14:28:25 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\eXPert PDF Editor.lnk
[2012.11.06 14:18:51 | 000,087,704 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2012.11.06 14:18:51 | 000,000,990 | ---- | C] () -- C:\Users\Hans-Dieter\Desktop\PDF Editor 3.3.lnk
[2012.11.06 14:18:32 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.11.06 14:18:32 | 000,001,478 | ---- | C] () -- C:\Users\Hans-Dieter\Desktop\Amazon.lnk
[2012.11.04 19:32:24 | 000,000,262 | ---- | C] () -- C:\Users\Hans-Dieter\Desktop\Run.lnk
[2012.10.31 10:05:45 | 000,001,160 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.10.31 10:05:45 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.10.18 16:16:30 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.27 16:25:58 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.09.27 12:45:11 | 000,011,264 | ---- | C] () -- C:\Users\Hans-Dieter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.26 13:45:48 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.09.26 09:04:37 | 000,000,414 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.09.26 09:04:37 | 000,000,166 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.09.26 09:04:31 | 000,003,303 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2012.09.26 09:03:43 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.09.26 09:03:43 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.09.26 09:03:42 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.09.26 09:03:41 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.09.26 06:20:08 | 000,864,265 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.09.25 16:59:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.27 10:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2011.09.27 10:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2011.09.27 10:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Extras.txt:

OTL Extras logfile created on: 10.11.2012 16:16:56 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Downloads\firefox\Trojaner-Board
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,96 Gb Total Physical Memory | 3,80 Gb Available Physical Memory | 63,75% Memory free
11,92 Gb Paging File | 9,36 Gb Available in Paging File | 78,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 205,97 Gb Total Space | 127,29 Gb Free Space | 61,80% Space Free | Partition Type: NTFS
Drive D: | 425,58 Gb Total Space | 261,32 Gb Free Space | 61,40% Space Free | Partition Type: NTFS
Drive E: | 554,98 Gb Total Space | 382,46 Gb Free Space | 68,91% Space Free | Partition Type: NTFS
Drive I: | 662,53 Gb Total Space | 368,80 Gb Free Space | 55,67% Space Free | Partition Type: NTFS

Computer Name: HDS-NEU | User Name: Hans-Dieter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038E0D54-5D80-4FD1-85C5-4EAAA6043A13}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{087E198D-6FB9-4261-AFD2-AF3172436139}" = lport=445 | protocol=6 | dir=in | app=system |
"{0B96597E-7647-459E-9FB2-EBFC9B85D36D}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{12089A0F-68DC-41B3-BECA-2AD713C3E03A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{23027D3F-0276-4229-8894-88B72C9F41A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{23718321-819D-4F88-88B7-EA3172D2B078}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{255749EC-11E8-4394-881A-20977369406F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{262EFCB3-6259-4488-AEDB-1D9982DFCCA1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3128D013-35B2-4FE0-AC8D-E05401904EF1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{412B00D3-D5BC-4023-8705-9D036CB5DF1E}" = rport=139 | protocol=6 | dir=out | app=system |
"{4EA17CFD-7BB5-421C-BAA7-B5DF7051C591}" = lport=10243 | protocol=6 | dir=in | app=system |
"{53F7B566-F8B2-423C-AED5-55CAC93E88B4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{58CF0ADB-6854-4606-B001-47D33F804318}" = lport=138 | protocol=17 | dir=in | app=system |
"{61726A0A-D47E-44AA-A63F-A67488972CAF}" = rport=138 | protocol=17 | dir=out | app=system |
"{64875DDC-0D3C-43C5-AAC8-1F1A3C5D696E}" = lport=139 | protocol=6 | dir=in | app=system |
"{75F44617-C842-4B7F-AB38-02453570D20A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7EDEB10C-74D0-4A90-AB37-2EBC95355756}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8A34C33A-612E-4B45-A1BD-1623BF5F5284}" = lport=137 | protocol=17 | dir=in | app=system |
"{8F344123-D5FE-4E1B-AD34-164C62D6B8E8}" = rport=137 | protocol=17 | dir=out | app=system |
"{A787D977-8B10-4FE9-A607-02DAA0450887}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{B1676717-AF3A-454E-85F2-F6EE9A657DBC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D45C62B6-BD54-4677-A772-B4314EE52B75}" = rport=445 | protocol=6 | dir=out | app=system |
"{DF93BBA0-BB0F-4421-B318-2AFA5ED4C9E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2E9E90D-B353-438F-899F-11B84C35968C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B7D1AC-8C13-457A-B4D1-E74278444A1B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{030B055A-C9AF-4DC8-A2F7-FAB83FEBD363}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{098826DF-E77B-46D0-95F1-23BB980DC7BC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1107790B-09BC-4FEF-9085-CE08A7E31A2C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{114DE25C-8ED3-45E1-AEBC-B87134404738}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{1271F7EF-83C5-44ED-AB20-B469162F3214}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{151B2E39-61EE-452C-9DDF-F7164298C918}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2563B735-D981-4E0E-8645-20D504123337}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E78D05F-8C5A-4EA8-A95B-6157FB0B6884}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{36077467-876E-4135-8F8E-155A319B79DD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3B43F95A-68AD-4910-8448-148896582F27}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3E3D729F-4EBF-4CCF-B47E-3895D81B22C5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{450341DE-7232-49CF-BCD4-A10517834300}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{491318E3-88B2-4628-9FC0-508199A17A7F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{57CCFC88-A31F-48CE-B830-24A428FC21FC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{60F1BF04-1539-48B7-8B4D-A887F15B2D81}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{6BFD7A66-4AA6-46F8-86F7-0AD9972D6DEB}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl11a\faxrx.exe |
"{6D24ECB9-8B5B-4C07-A8E7-7C4A2FC1EE4C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{6F090AE0-A5AE-4AA8-A0AB-294DF2BEDDB6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{799FB540-CDBF-4B2E-B91F-BDD9CF9DA1AA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{7D2A0EF3-A143-47F2-997E-9AF9CE36647E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7EF42D75-4690-49ED-8778-C70CEB6C97F6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7F6B7F4E-8534-4457-83D5-D1FB59766BDA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{80583741-9F14-4A3E-BC1B-4C48EDB91308}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{80EA029A-A0DE-4B82-ADFF-DF8F5D085F43}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{83ED9674-C469-4366-BD17-AABFE8986B4E}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{8C260E84-A6A7-4693-A04C-2547DDF138B6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{92DE0665-E992-45DB-87F2-328595B9C475}" = protocol=6 | dir=out | app=system |
"{96F21FDD-6042-4B19-942F-183D62AEEB7C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{99653404-4753-40B4-8393-39F0565CB7BA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{9E00067E-D0AE-4C02-B7C3-766C51F3ED10}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{A1D7AAD2-99B7-41D1-A99F-7831F9B3B998}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AA074DF3-1F5B-4586-9ED9-582720BD36BC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{AA3D6FA3-CE15-46C2-8DA4-29834DAD7A44}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{AAB120A3-93B3-4F6B-8DDF-1A00B9783D7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AD2F087E-8B78-4C55-A961-1E6EAC38933B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{B5CCEFEE-E0AA-41AA-AB21-444E3334196D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B604BB09-B407-44E3-9199-73E9055C5EBD}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl11a\faxrx.exe |
"{B757A6E9-6325-4DA8-BD87-E32FD382F324}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{C5E36D19-9318-43F4-AAAC-3BAC16712458}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E18D1F1C-4498-4BE5-960E-111AE3FD0FF4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E614AA49-CA55-4A25-B466-929246581903}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{E9383476-AE82-45F8-A370-64AE070ED693}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{EDF6E06F-62F8-4CC9-8AF4-8A1259E53474}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{F2C70E78-DD31-4CC1-AFDF-13A7F34BB997}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FDDB76EA-271D-4CF5-B4CA-131FDFB59999}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01DA217A-DB5F-B568-6932-42407D209516}" = ccc-utility64
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1CE06D2F-BA28-05FE-9E14-E2BB013E1AE3}" = ATI AVIVO64 Codecs
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{727B5F1A-C702-E5AA-11BB-7A74A775F19D}" = ATI Catalyst Install Manager
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.SingleImage_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.SingleImage_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.SingleImage_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.SingleImage_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.SingleImage_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{D6E46FC2-B513-4B7D-8C8C-352F4735C541}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5)
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"DesktopIconAmazon" = Desktop Icon für Amazon
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PC-Doctor for Windows" = Dell Support Center
"sp6" = Logitech SetPoint 6.32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{0320AB41-0926-4218-A8A6-68AC84E6BB93}" = Nero Recode 11
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054A5F46-6DCE-4D09-8BC0-170428A4ED56}" = Acronis*True*Image*Home 2012
"{054A5F46-6DCE-4D09-8BC0-170428A4ED56}Visible" = Acronis*True*Image*Home 2012
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}" = Visual Studio C++ 9.0 Runtime
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0BAF04C4-9D21-2761-95A6-DE2DA9861323}" = CCC Help Spanish
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1C1473A1-1A26-4C8F-9548-A52D03066CE7}" = Catalyst Control Center - Branding
"{1D04B4D4-80C2-4F02-B5BE-3A5991FF6077}" = MetaEditor
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{24D3ACAC-E441-AF66-94CF-0C021A4EFBD8}" = Catalyst Control Center Localization All
"{265245FC-4ECC-C35A-F2A9-3E915BFB2F6F}" = Catalyst Control Center Graphics Previews Common
"{268679E8-7198-F2E6-5A71-F3D4C9A0C2FB}" = CCC Help Italian
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = shopping-preise.de AddOn Firefox
"{2C41394E-E15B-47DC-B33C-54D33EA85B68}" = Lexware online banking
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{38B2B0F6-0C7F-ECE6-9A61-C546658508F4}" = ccc-core-static
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4261174B-FCD7-CD19-E81C-24262EB5AF42}" = CCC Help Greek
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{4623BAA6-0B23-4D47-ABD0-73F2DA4FAF56}" = capella 7
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C352349-421A-7E87-C7BD-DF27162B12CA}" = Catalyst Control Center Graphics Previews Vista
"{51865D9D-8F63-46F2-87AB-9E72F93B618C}" = Welcome App (Start-up experience)
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5CCF2E33-181B-BD49-57AE-B513D37C6909}" = CCC Help English
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{649483EB-B464-1EE2-04E4-4BEC79B510D4}" = CCC Help German
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6A646891-7B53-C462-0B71-401E519D198C}" = Catalyst Control Center InstallProxy
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution
"{75F36A60-9969-C24F-5EB1-6DBC03F15196}" = CCC Help Russian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79B3E8EE-35F2-4CCD-82D9-4A57F408E449}" = Nero 11 Platinum
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{8015502B-6160-4C2C-9F40-8F90C651FC76}" = TAXMAN 2012 spezial
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86107E2D-DFB9-46BC-99ED-07EACAEE0923}" = G Data InternetSecurity 2013
"{887D48C8-DA00-232B-3CB6-0FB086AD6FBB}" = CCC Help Chinese Standard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CF2328D-A3D1-B08C-E868-68CDA4025E1D}" = CCC Help Polish
"{8EFB7927-48AD-4E6D-91B7-6B2BD6C3F380}" = Acronis*Disk*Director*11*Home
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-1146-0000-0000-0000000FF1CE}" = Microsoft Office 2010 Primary Interop Assemblies
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{915284CD-1A88-82B0-7ED8-08BCF1B8509A}" = CCC Help Norwegian
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC1A9BA-070A-455F-8AC3-62587524ADFB}" = Quicken 2011 - ServicePack 4
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}" = Brother MFL-Pro Suite MFC-J625DW
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A37A1678-0971-4EF6-9609-1F2E67A738FC}" = eXPert PDF Editor
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A907A713-DA24-4352-8786-96C7A6944646}" = Quicken DELUXE Jubiläumsversion
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A984E262-1C7B-440E-BBBE-4A3FFCB9229C}" = Plus Pack für Acronis True Image Home 2012
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{ABEE1201-0FEA-E62F-6CB9-5D54BEB5E4AA}" = CCC Help Dutch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B82EC7CD-5FB1-32A5-444A-8F896B734CC7}" = CCC Help Korean
"{B89E66E6-659A-9078-2BDF-14E8C11928AA}" = CCC Help Chinese Traditional
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BAF6A826-DF92-8954-98F1-2CC67C6B419E}" = CCC Help Portuguese
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD1F6F85-E64B-4801-A513-F18095577AEB}_is1" = E-Postbrief Add-In für Microsoft Word Version 1.17
"{BD6A872A-A0AE-36FC-9284-6E3595FB39ED}" = CCC Help Danish
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C626B47C-8312-4D8C-89E1-16FE42EF34E6}" = Lotus Notes 6.5.1 de
"{C9461813-98BB-5823-FFAB-11FBD1B124DF}" = CCC Help Japanese
"{CB10C32F-807C-46E4-940C-E7820653B480}" = DDBAC
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D1AE1C98-646A-DC21-076A-0FD5957FCAD2}" = CCC Help Czech
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D4A97EBC-ABA6-9F3A-1EE0-D5B6C36FDFB5}" = CCC Help Finnish
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken 2011
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5AF275B-D4B1-EE5E-27BD-844C491B86CA}" = CCC Help Swedish
"{E5FCC675-C479-3CAB-0B9E-CC1838417049}" = CCC Help Hungarian
"{E9811C8F-D729-01D3-9347-DCE297354C0A}" = CCC Help French
"{EA4340F5-7676-693D-A908-DF9D44771F7B}" = CCC Help Thai
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EC637522-73A5-4428-8B46-65A621529CC7}" = Microsoft Location Finder
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F09C03B6-CF93-5099-4ED7-CF47DB2027E6}" = CCC Help Turkish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"Acoustica_is1" = Acoustica 4.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Core FTP LE 2.1" = Core FTP LE 2.1
"DPP" = Canon Utilities Digital Photo Professional 3.4
"dradio-Recorder_is1" = dradio-Recorder Version 3.02.6
"EOS Utility" = Canon Utilities EOS Utility
"GeoSetter_is1" = GeoSetter 3.4.16
"Google Chrome" = Google Chrome
"InstallShield_{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader
"InstallShield_{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken Deluxe 2011
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"MyTomTom" = MyTomTom 3.0.2.319
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"PDF Editor 3" = PDF Editor 3
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SMOz" = SMOz
"TeamViewer 7" = TeamViewer 7
"UPM" = Universal Password Manager
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"XnView_is1" = XnView 1.99.1
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04.11.2012 04:27:38 | Computer Name = HDS-Neu | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 04.11.2012 04:27:38 | Computer Name = HDS-Neu | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8049

Error - 04.11.2012 04:27:38 | Computer Name = HDS-Neu | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8049

Error - 06.11.2012 03:08:00 | Computer Name = HDS-Neu | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 844 Startzeit: 01cdbbecf5c6a738 Endzeit: 47 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:

Error - 06.11.2012 09:17:37 | Computer Name = HDS-Neu | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "E:\Downloads\pdf\SoftonicDownloader_fuer_expert-pdf.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 06.11.2012 09:17:42 | Computer Name = HDS-Neu | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "E:\Downloads\pdf\SoftonicDownloader_fuer_pdfcreator.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 07.11.2012 02:46:55 | Computer Name = HDS-Neu | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1d84 Startzeit: 01cdbcb3849195cb Endzeit: 31 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:

Error - 10.11.2012 06:49:23 | Computer Name = HDS-Neu | Source = Application Hang | ID = 1002
Description = Programm Mail.exe, Version 6.10.0.3 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c04 Startzeit:
01cdbf103def9d03 Endzeit: 3 Anwendungspfad: C:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exe

Berichts-ID:


Error - 10.11.2012 11:13:52 | Computer Name = HDS-Neu | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\dradio-Recorder\phonostar.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 10.11.2012 11:14:04 | Computer Name = HDS-Neu | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Notifier.exe, Version: 6.4.0.2, Zeitstempel:
0x45a38d1f Name des fehlerhaften Moduls: eMailPlugIn.dll_unloaded, Version: 0.0.0.0,
Zeitstempel: 0x47d9e700 Ausnahmecode: 0xc0000005 Fehleroffset: 0x03af017c ID des fehlerhaften
Prozesses: 0xf28 Startzeit der fehlerhaften Anwendung: 0x01cdbf103ee98d80 Pfad der
fehlerhaften Anwendung: C:\PROGRA~2\T-Online\T-ONLI~1\Notifier\Notifier.exe Pfad
des fehlerhaften Moduls: eMailPlugIn.dll Berichtskennung: 434ba723-2b49-11e2-bf1e-404e57434401

[ System Events ]
Error - 04.10.2012 03:00:41 | Computer Name = HDS-Neu | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error - 05.10.2012 01:37:41 | Computer Name = HDS-Neu | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error - 05.10.2012 01:37:42 | Computer Name = HDS-Neu | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error - 05.10.2012 01:37:42 | Computer Name = HDS-Neu | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
"" können nicht gelesen werden.

Error - 05.10.2012 01:37:43 | Computer Name = HDS-Neu | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error - 05.10.2012 06:28:33 | Computer Name = HDS-Neu | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 05.10.2012 06:40:48 | Computer Name = HDS-Neu | Source = DCOM | ID = 10010
Description =

Error - 06.10.2012 10:42:16 | Computer Name = HDS-Neu | Source = DCOM | ID = 10010
Description =

Error - 07.10.2012 02:43:11 | Computer Name = HDS-Neu | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
"" können nicht gelesen werden.

Error - 09.10.2012 07:48:35 | Computer Name = HDS-Neu | Source = DCOM | ID = 10010
Description =


< End of report >

10.11.2012, 17:10   #2
M-K-D-B
/// TB Trainer
 

My name is Matthias and I will help you clean up your computer.


Please note the following:
  • A cleanup can involve a lot of work for you. Several analysis and cleanup steps may be necessary.
    At the end we will remove all the programs used, and I will give you a few tips for the future.
  • If there are signs of illegal software, support will be stopped without discussion.
  • Please work through all steps one after another in the given order.
  • Read the instructions carefully. If you have problems, stop what you are doing and describe your problem to me as well as you can.
  • Only run scans that I or another helper ask you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions.
    I can never give you a guarantee that I will find everything. Reformatting is usually the faster and always the safest way.
    If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.





Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.





Step 2
Please download Junkware Removal Tool to your desktop.
  • Please close your protection software to avoid possible conflicts.
  • Start the tool with a double-click. Vista and 7 users, please start it with a right-click and "als Administrator ausführen" (Run as administrator).
  • The tool will open and begin the scan.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.





Step 3
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.





Please post with your next reply
  • the log file from AdwCleaner,
  • the log file from JRT,
  • the log file from ComboFix.

10.11.2012, 18:47   #3
masin
 

Hello Matthias,

thanks for the quick reply. To be on the safe side, I first have a question about your instructions:

In step 3 you write that I should only run Combofix on explicit instruction. So as not to risk anything: do I have your instruction, or do I still need it separately?

Thanks and regards

Masin

Hello Matthias,

I have now decided after all to carry out all three steps of your instructions; the logs follow. Just the following remarks on how it went:
Step 2: My GData Internet Security 2013 would not let me download the Junkware Removal Tool; it blocked the website immediately. Perhaps the note about disabling the protection software should come before the request to download?
Step 3: Combofix hung twice during unpacking.

After completing all three steps I deleted JRT.exe from the computer again, because GData would not put up with the presence of this file.

Now the logs, with thanks and regards!

Masin

# AdwCleaner v2.007 - Datei am 11/11/2012 um 08:59:57 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Hans-Dieter - HDS-NEU
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Hans-Dieter\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\searchplugins\Web Search.xml
Ordner Gelöscht : C:\Users\Hans-Dieter\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Hans-Dieter\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1537 octets] - [11/11/2012 08:59:57]

########## EOF - C:\AdwCleaner[S1].txt - [1597 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 2.9.7 (11.10.2012)
OS: Windows 7 Professional x64
Ran by Hans-Dieter on 11.11.2012 at 9:02:59,94
Blog: Malware Analysis and Removal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.11.2012 at 9:07:34,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Combofix Logfile:
Code:
ComboFix 12-11-09.02 - Hans-Dieter 11.11.2012   9:29.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.6103.4131 [GMT 1:00]
ausgeführt von:: c:\users\Hans-Dieter\Desktop\ComboFix.exe
AV: G Data InternetSecurity 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\087abda5-3ca9-433a-8a4e-6b9fc9285607.dll
c:\programdata\PCDr\6032\AddOnDownloaded\0f6f4769-e33b-4059-ac7e-958f5cedf6f3.dll
c:\programdata\PCDr\6032\AddOnDownloaded\16535d13-dd9f-48ff-8ae3-e3135157e6da.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2f733848-355c-4a6f-89a5-08a4dcc89c5c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\305a1406-381f-449d-9486-32504a38e5b0.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3b429c4f-8ba9-4a7d-bbb4-4548bb6d2539.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3c49c05a-0eb3-4044-a0f8-d4ea2a439295.dll
c:\programdata\PCDr\6032\AddOnDownloaded\45d3827c-bce8-440f-bcda-3bd183a7bac3.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4704833a-6508-40cc-b98b-5ebd235e52ca.dll
c:\programdata\PCDr\6032\AddOnDownloaded\5cd81d7c-326c-42d2-8929-1ee85c69dc1d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\5f169f6e-cfce-411e-b266-aa53ac35ce83.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7119bf4b-d404-4b31-8779-44fac71761fa.dll
c:\programdata\PCDr\6032\AddOnDownloaded\819a7f02-352c-4ccc-8fd0-40d8959b0b10.dll
c:\programdata\PCDr\6032\AddOnDownloaded\8c199aef-9eca-4ab6-863d-c9136ebec654.dll
c:\programdata\PCDr\6032\AddOnDownloaded\a875f6ee-9729-4447-8d2c-63bd2e6396c1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\aacbd8d1-f46e-4872-a1aa-7197c56e7bee.dll
c:\programdata\PCDr\6032\AddOnDownloaded\af728edb-0984-4c06-9a4b-0878bcfa9a26.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b510dd11-341c-4dfa-9f1e-dd5ddcc444f4.dll
c:\programdata\PCDr\6032\AddOnDownloaded\cf9bce06-e765-4c6f-afa9-0d82a3adc417.dll
c:\programdata\PCDr\6032\AddOnDownloaded\dbecb802-efe1-453f-828f-29af4ab73508.dll
c:\programdata\PCDr\6032\AddOnDownloaded\dc959002-1065-4317-b1a1-f360412a88d3.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e1ce76af-328a-41dc-b2c4-0dd9771f6aa1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e3e252fe-80ab-4f89-82a9-b607007220bd.dll
c:\programdata\PCDr\6032\AddOnDownloaded\eb115e4d-8592-4082-bffa-e65ae6b21e95.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ed26c1b3-d9f9-42e8-80e0-cd62e65fd901.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ed2cc678-a9e6-4ef7-89b6-9bada02d1a74.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f28ef68b-8cc4-4c00-891d-473fb67bd0b0.dll
c:\users\Hans-Dieter\AppData\Local\assembly\tmp
E:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-11 bis 2012-11-11  ))))))))))))))))))))))))))))))
.
.
2012-11-11 08:38 . 2012-11-11 08:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-11 08:32 . 2012-11-11 08:32	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF2BC6CF-209D-4189-ADDF-B79C412A31A9}\offreg.dll
2012-11-10 18:17 . 2012-11-10 18:17	--------	d-----w-	c:\windows\ERUNT
2012-11-10 18:17 . 2012-11-11 08:07	--------	d-----w-	C:\JRT
2012-11-10 08:34 . 2012-11-10 08:34	--------	d-----w-	c:\users\Hans-Dieter\AppData\Roaming\Malwarebytes
2012-11-10 08:34 . 2012-11-10 08:34	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-10 08:34 . 2012-11-10 08:34	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-10 08:34 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-09 08:07 . 2012-11-08 17:24	4918219	----a-w-	c:\windows\exiftool.exe
2012-11-09 06:40 . 2012-10-12 07:19	9291768	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF2BC6CF-209D-4189-ADDF-B79C412A31A9}\mpengine.dll
2012-11-06 13:29 . 2012-11-06 13:47	--------	d-----w-	c:\users\Hans-Dieter\AppData\Roaming\eXPert PDF Editor
2012-11-06 13:28 . 2012-11-06 13:28	--------	d-----w-	c:\program files (x86)\Visagesoft
2012-11-06 13:18 . 2012-11-06 13:18	--------	d-----w-	c:\users\Hans-Dieter\AppData\Roaming\CAD-KAS
2012-11-06 13:18 . 2012-11-06 13:18	87704	----a-w-	c:\windows\cadkasdeinst01.exe
2012-11-06 13:18 . 2012-11-06 13:20	--------	d-----w-	c:\program files (x86)\PDF Editor 3
2012-11-06 13:18 . 2012-11-06 13:18	--------	d-----w-	c:\users\Hans-Dieter\AppData\Roaming\DesktopIconForAmazon
2012-11-06 13:18 . 2011-05-13 13:16	493056	----a-w-	c:\windows\SysWow64\dhRichClient3.dll
2012-11-06 13:18 . 2011-03-25 21:42	338432	----a-w-	c:\windows\SysWow64\sqlite36_engine.dll
2012-10-31 11:32 . 2012-10-31 11:32	--------	d-----w-	c:\program files\Common Files\DESIGNER
2012-10-31 09:05 . 2012-10-12 06:34	100864	----a-w-	c:\windows\system32\pdfcmon.dll
2012-10-31 09:05 . 2012-05-05 10:54	137000	----a-w-	c:\windows\SysWow64\MSMAPI32.OCX
2012-10-31 09:05 . 2012-10-31 09:05	--------	d-----w-	c:\program files (x86)\PDFCreator
2012-10-31 09:05 . 2012-05-05 10:54	23552	----a-w-	c:\windows\SysWow64\MSMPIDE.DLL
2012-10-31 09:05 . 1998-07-06 17:55	158208	----a-w-	c:\windows\SysWow64\MSCMCDE.DLL
2012-10-31 09:05 . 1998-07-06 17:55	64512	----a-w-	c:\windows\SysWow64\MSCC2DE.DLL
2012-10-31 09:05 . 2012-10-31 09:05	--------	d-----w-	c:\users\Hans-Dieter\AppData\Local\Programs
2012-10-21 12:53 . 2012-10-21 12:54	--------	d-----w-	c:\users\Hans-Dieter\AppData\Roaming\PC-FAX TX
2012-10-18 15:16 . 2012-10-18 15:16	--------	d-----w-	c:\users\Hans-Dieter\AppData\Local\Apple Computer
2012-10-18 15:16 . 2012-08-21 11:01	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-18 15:15 . 2012-10-18 15:15	--------	d-----w-	c:\program files\iPod
2012-10-18 15:15 . 2012-10-18 15:16	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-18 15:15 . 2012-10-18 15:16	--------	d-----w-	c:\program files\iTunes
2012-10-18 15:15 . 2012-10-18 15:16	--------	d-----w-	c:\program files (x86)\iTunes
2012-10-18 15:14 . 2012-10-18 15:14	--------	d-----w-	c:\program files\Common Files\Apple
2012-10-18 15:14 . 2012-10-18 15:14	--------	d-----w-	c:\program files\Bonjour
2012-10-18 15:14 . 2012-10-18 15:14	--------	d-----w-	c:\program files (x86)\Bonjour
2012-10-17 09:04 . 2012-10-17 09:04	--------	d-----w-	c:\users\Hans-Dieter\AppData\Local\kiwi.software.NET
2012-10-17 09:03 . 2012-10-17 09:03	--------	d-----w-	c:\program files (x86)\kiwi.software.NET
2012-10-14 13:43 . 2012-10-14 14:24	--------	d-----w-	c:\users\Hans-Dieter\AppData\Roaming\TeamViewer
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-08 11:49 . 2012-09-26 14:03	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-08 11:49 . 2012-09-26 10:15	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 20:23 . 2012-09-26 14:42	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-10-03 08:16 . 2012-09-25 15:54	60320	----a-w-	c:\windows\system32\drivers\PktIcpt.sys
2012-10-03 05:47 . 2012-09-25 15:54	126880	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2012-10-03 05:47 . 2012-09-25 15:54	64416	----a-w-	c:\windows\system32\drivers\gdwfpcd64.sys
2012-10-03 05:47 . 2012-09-25 15:54	54176	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2012-10-01 12:48 . 2012-10-01 12:48	53248	----a-r-	c:\users\Hans-Dieter\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-10-01 12:48 . 2012-10-01 12:43	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2012-09-28 13:42 . 2012-09-28 13:42	227216	----a-w-	c:\windows\SysWow64\ddBACCTM.cpl
2012-09-28 13:42 . 2012-09-28 13:42	825232	----a-w-	c:\windows\SysWow64\Ddbaccpl.cpl
2012-09-27 11:58 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-09-27 11:58 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-09-26 16:26 . 2012-09-26 16:26	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-09-26 16:26 . 2012-09-26 16:26	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-26 16:26 . 2012-09-26 16:26	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-26 16:26 . 2012-09-26 16:26	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-09-26 16:26 . 2012-09-26 16:26	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-09-26 16:26 . 2012-09-26 16:26	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-09-26 16:26 . 2012-09-26 16:26	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-09-26 16:26 . 2012-09-26 16:26	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-09-26 16:26 . 2012-09-26 16:26	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-09-26 16:26 . 2012-09-26 16:26	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-09-26 16:26 . 2012-09-26 16:26	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-09-26 16:26 . 2012-09-26 16:26	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-09-26 16:26 . 2012-09-26 16:26	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-09-26 16:26 . 2012-09-26 16:26	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-09-26 16:26 . 2012-09-26 16:26	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-09-26 16:26 . 2012-09-26 16:26	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-09-26 16:26 . 2012-09-26 16:26	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-09-26 16:26 . 2012-09-26 16:26	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-09-26 16:26 . 2012-09-26 16:26	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-09-26 16:26 . 2012-09-26 16:26	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-09-26 16:26 . 2012-09-26 16:26	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-09-26 16:26 . 2012-09-26 16:26	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-09-26 16:26 . 2012-09-26 16:26	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-09-26 16:26 . 2012-09-26 16:26	222208	----a-w-	c:\windows\system32\msls31.dll
2012-09-26 16:26 . 2012-09-26 16:26	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-09-26 16:26 . 2012-09-26 16:26	197120	----a-w-	c:\windows\system32\msrating.dll
2012-09-26 16:26 . 2012-09-26 16:26	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-09-26 16:26 . 2012-09-26 16:26	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-09-26 16:26 . 2012-09-26 16:26	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-09-26 16:26 . 2012-09-26 16:26	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-09-26 16:26 . 2012-09-26 16:26	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-09-26 16:26 . 2012-09-26 16:26	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-09-26 16:26 . 2012-09-26 16:26	89088	----a-w-	c:\windows\system32\ie4uinit.exe
2012-09-26 16:26 . 2012-09-26 16:26	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-09-26 16:26 . 2012-09-26 16:26	82432	----a-w-	c:\windows\system32\icardie.dll
2012-09-26 16:26 . 2012-09-26 16:26	816640	----a-w-	c:\windows\system32\jscript.dll
2012-09-26 16:26 . 2012-09-26 16:26	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-09-26 16:26 . 2012-09-26 16:26	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-09-26 16:26 . 2012-09-26 16:26	65024	----a-w-	c:\windows\system32\pngfilt.dll
2012-09-26 16:26 . 2012-09-26 16:26	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-09-26 16:26 . 2012-09-26 16:26	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2012-09-26 16:26 . 2012-09-26 16:26	534528	----a-w-	c:\windows\system32\ieapfltr.dll
2012-09-26 16:26 . 2012-09-26 16:26	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-09-26 16:26 . 2012-09-26 16:26	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-09-26 16:26 . 2012-09-26 16:26	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2012-09-26 16:26 . 2012-09-26 16:26	448512	----a-w-	c:\windows\system32\html.iec
2012-09-26 16:26 . 2012-09-26 16:26	403248	----a-w-	c:\windows\system32\iedkcs32.dll
2012-09-26 16:26 . 2012-09-26 16:26	39936	----a-w-	c:\windows\system32\iernonce.dll
2012-09-26 16:26 . 2012-09-26 16:26	3695416	----a-w-	c:\windows\system32\ieapfltr.dat
2012-09-26 16:26 . 2012-09-26 16:26	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-09-26 16:26 . 2012-09-26 16:26	282112	----a-w-	c:\windows\system32\dxtrans.dll
2012-09-26 16:26 . 2012-09-26 16:26	267776	----a-w-	c:\windows\system32\ieaksie.dll
2012-09-26 16:26 . 2012-09-26 16:26	249344	----a-w-	c:\windows\system32\webcheck.dll
2012-09-26 16:26 . 2012-09-26 16:26	248320	----a-w-	c:\windows\system32\ieui.dll
2012-09-26 16:26 . 2012-09-26 16:26	237056	----a-w-	c:\windows\system32\url.dll
2012-09-26 16:26 . 2012-09-26 16:26	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-09-26 16:26 . 2012-09-26 16:26	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-09-26 16:26 . 2012-09-26 16:26	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-09-26 16:26 . 2012-09-26 16:26	163840	----a-w-	c:\windows\system32\ieakui.dll
2012-09-26 16:26 . 2012-09-26 16:26	160256	----a-w-	c:\windows\system32\wextract.exe
2012-09-26 16:26 . 2012-09-26 16:26	160256	----a-w-	c:\windows\system32\ieakeng.dll
2012-09-26 16:26 . 2012-09-26 16:26	149504	----a-w-	c:\windows\system32\occache.dll
2012-09-26 16:26 . 2012-09-26 16:26	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-09-26 16:26 . 2012-09-26 16:26	145920	----a-w-	c:\windows\system32\iepeers.dll
2012-09-26 16:26 . 2012-09-26 16:26	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-09-26 16:26 . 2012-09-26 16:26	12288	----a-w-	c:\windows\system32\mshta.exe
2012-09-26 16:26 . 2012-09-26 16:26	114176	----a-w-	c:\windows\system32\admparse.dll
2012-09-26 16:26 . 2012-09-26 16:26	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-09-26 16:26 . 2012-09-26 16:26	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-09-26 16:26 . 2012-09-26 16:26	10752	----a-w-	c:\windows\system32\msfeedssync.exe
2012-09-26 16:26 . 2012-09-26 16:26	103936	----a-w-	c:\windows\system32\inseng.dll
2012-09-26 12:46 . 2012-09-26 12:46	129784	------w-	c:\windows\SysWow64\pxafs.dll
2012-09-26 12:46 . 2012-09-26 12:46	116472	------w-	c:\windows\SysWow64\pxcpyi64.exe
2012-09-26 12:46 . 2012-09-26 12:46	10488	------w-	c:\windows\system32\drivers\cdralw2k.sys
2012-09-26 12:46 . 2012-09-26 12:46	10488	------w-	c:\windows\system32\drivers\cdr4_xp.sys
2012-09-26 12:46 . 2012-09-26 12:46	52856	------w-	c:\windows\system32\drivers\PxHlpa64.sys
2012-09-26 12:46 . 2012-09-26 12:46	118520	------w-	c:\windows\SysWow64\pxinsi64.exe
2012-09-26 09:16 . 2012-09-26 09:16	477168	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-09-26 09:16 . 2012-09-26 09:16	473072	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-26 08:37 . 2012-09-26 08:37	367200	----a-w-	c:\windows\system32\drivers\afcdp.sys
2012-09-26 08:37 . 2012-09-26 08:37	1294432	----a-w-	c:\windows\system32\drivers\tdrpman.sys
2012-09-26 08:37 . 2012-09-26 08:37	994912	----a-w-	c:\windows\system32\drivers\timntr.sys
2012-09-26 08:37 . 2012-09-26 08:37	211552	----a-w-	c:\windows\system32\drivers\vididr.sys
2012-09-26 08:37 . 2012-09-26 08:37	146528	----a-w-	c:\windows\system32\drivers\vsflt67.sys
2012-09-26 08:37 . 2012-09-26 08:37	320096	----a-w-	c:\windows\system32\drivers\snapman.sys
2012-09-26 08:37 . 2012-09-26 08:37	137312	----a-w-	c:\windows\system32\drivers\fltsrv.sys
2012-09-25 15:54 . 2012-09-25 15:54	64376	----a-w-	c:\windows\system32\drivers\HookCentre.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dradio-RecorderTimer"="c:\program files (x86)\dradio-Recorder\phonostarTimer.exe" [2012-04-03 41472]
"Microsoft Location Finder"="c:\program files (x86)\Microsoft Location Finder\LocationFinder.exe" [2006-11-14 121640]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2012-09-17 995352]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-01-27 1470968]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2011-05-19 2629632]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-06-28 5993216]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-06-28 1173712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2012-01-13 1493288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-10 98304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-9-26 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Lexware Info Service.lnk - c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2011-7-31 189808]
Quicken 2011 Zahlungserinnerung.lnk - c:\program files (x86)\Lexware\Quicken\2011\billmind.exe [2010-11-24 198000]
Quicken Jubiläumsversion Zahlungserinnerung.lnk - c:\windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe [2012-9-29 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-09-04 25584]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\drivers\vpcuxd.sys [2010-11-20 16384]
R4 Cosptsvfcrls;Cosptsvfcrls; [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-09-26 137312]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-10-03 54176]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2012-09-26 52856]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-09-26 211552]
S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys [2012-09-26 146528]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-10-03 126880]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2012-10-03 64416]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-09-25 64376]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-09-26 3491792]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-10 203776]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-08-23 1542680]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2012-01-27 468472]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2012-08-30 2011568]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 OS Selector;Acronis OS Selector Activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2011-11-15 2155848]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-06-28 5924712]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-08-28 92632]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-09-26 367200]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Driver;c:\windows\system32\DRIVERS\AVMCOWAN.sys [2009-06-10 79872]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 FPCIBASE;AVM FRITZ!Card PCI;c:\windows\system32\DRIVERS\fpcibase.sys [2009-06-10 899328]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-06-04 1766464]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2012-10-03 60320]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-28 36720]
S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-26 11:49]
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-26 11:19]
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-26 11:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-06-28 403688]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} - hxxp://bmontessori12.dyndns.org:1120/RtspVaPgDec.cab
FF - ProfilePath - c:\users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-12 14:40; fb_add_on@avm.de; c:\users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\fb_add_on@avm.de
FF - ExtSQL: 2012-09-25 19:46; {BCC877E7-7F3F-4632-8338-DAEE4475DE35}; c:\users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\{BCC877E7-7F3F-4632-8338-DAEE4475DE35}.xpi
FF - ExtSQL: 2012-09-26 11:16; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-03 07:47; {906305f7-aafc-45e9-8bbd-941950a84dad}; c:\program files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
FF - ExtSQL: 2012-10-18 15:35; maps@ovi.com; c:\users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\maps@ovi.com
FF - ExtSQL: 2012-11-06 14:18; extension@preispilot.com; c:\users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\extension@preispilot.com.xpi
FF - ExtSQL: 2012-11-06 14:18; mail@shopping-preise.de; c:\users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\mail@shopping-preise.de
FF - ExtSQL: 2012-11-06 14:18; firejump@firejump.net; c:\users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\firejump@firejump.net
FF - ExtSQL: !HIDDEN! 2012-11-06 14:18; mail@shopping-preise.de; c:\users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\mail@shopping-preise.de
FF - ExtSQL: !HIDDEN! 2012-11-06 14:18; firejump@firejump.net; c:\users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\firejump@firejump.net
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-ControlCenter4 - c:\program files (x86)\ControlCenter4\BrCcBoot.exe
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-11  09:42:06
ComboFix-quarantined-files.txt  2012-11-11 08:42
.
Vor Suchlauf: 11 Verzeichnis(se), 143.753.400.320 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 144.133.267.456 Bytes frei
.
- - End Of File - - 45C56C0255CF0093A86B2EAD23B5A9A9
         

11.11.2012, 11:18   #4
M-K-D-B
/// TB Instructor
 

Hi,

thanks for the notes regarding JRT.

Are there still problems with http://ad.adserverplus.com/ in Firefox?

Please start OTL.exe and press the Quick Scan button.
Post the OTL.txt here in your thread.
__________________
Greetings from Bavaria
M-K-D-B


11.11.2012, 11:45   #5
masin
 

Hello Matthias,

thanks for the quick reply.
No, since the procedure was completed there have been no problems, but can I already be sure that they have been eliminated?

It would be nice if you could tell me something about that and, above all, give me some pointers on how I can prevent something like this in future. Unfortunately my GData did not raise an alarm either, but perhaps that is not even possible with this hijacker virus.

In any case, many thanks for the quick (and hopefully lasting) help.

The OTL log follows.
OTL Logfile:
Code:
OTL logfile created on: 11.11.2012 12:27:25 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hans-Dieter\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,96 Gb Total Physical Memory | 3,30 Gb Available Physical Memory | 55,44% Memory free
11,92 Gb Paging File | 8,66 Gb Available in Paging File | 72,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 205,97 Gb Total Space | 133,68 Gb Free Space | 64,90% Space Free | Partition Type: NTFS
Drive D: | 425,58 Gb Total Space | 261,32 Gb Free Space | 61,40% Space Free | Partition Type: NTFS
Drive E: | 554,98 Gb Total Space | 382,45 Gb Free Space | 68,91% Space Free | Partition Type: NTFS
Drive I: | 662,53 Gb Total Space | 368,98 Gb Free Space | 55,69% Space Free | Partition Type: NTFS
 
Computer Name: HDS-NEU | User Name: Hans-Dieter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\HANS-D~1\AppData\Local\Temp\~e5d141.tmp (Macrovision Europe Ltd.)
PRC - C:\Users\Hans-Dieter\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe ()
PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
PRC - C:\Program Files (x86)\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe (Deutsche Telekom AG)
PRC - C:\Program Files (x86)\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG)
PRC - C:\Program Files (x86)\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe (Deutsche Telekom AG)
PRC - C:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exe (Deutsche Telekom AG, www.t-online.de)
PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files (x86)\T-Online\T-Online_Software_6\Notifier\Notifier.exe (fun communications GmbH, hxxp://www.fun.de)
PRC - C:\Program Files (x86)\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Adobe\Photoshop CS\Photoshop.exe (Adobe Systems, Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\HANS-D~1\AppData\Local\Temp\~ef0a3f\~df394b.tmp ()
MOD - C:\Users\HANS-D~1\AppData\Local\Temp\~ef055f\~de4ae7.tmp ()
MOD - C:\Users\HANS-D~1\AppData\Local\Temp\~ef055f\~df394b.tmp ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\IrfanView\Languages\Deutsch.dll ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll ()
MOD - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe ()
MOD - C:\Program Files (x86)\Google\Picasa3\Picasa3i18n.dll ()
MOD - C:\Program Files (x86)\Google\Picasa3\plugins\ytITivo.yti ()
MOD - C:\Program Files (x86)\Google\Picasa3\qtsupport.dll ()
MOD - C:\Program Files (x86)\Google\Picasa3\plugins\CDVDR\CDVDR.yti ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\libexpat.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGUI4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll ()
MOD - C:\Program Files (x86)\T-Online\T-Online_Software_6\Notifier\libcurl.dll ()
MOD - C:\Program Files (x86)\T-Online\T-Online_Software_6\Notifier\libexpat.dll ()
MOD - C:\Program Files (x86)\Adobe\Photoshop CS\Photoshop.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe (G Data Software AG)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (syncagentsrv) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKService) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (OS Selector) -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis)
DRV:64bit: - (vidsflt67) -- C:\Windows\SysNative\drivers\vsflt67.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\drivers\fltsrv.sys (Acronis)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (NBVol) -- C:\Windows\SysNative\drivers\NBVol.sys (Nero AG)
DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\drivers\NBVolUp.sys (Nero AG)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (FPCIBASE) -- C:\Windows\SysNative\drivers\fpcibase.sys (AVM Berlin)
DRV:64bit: - (AVMCOWAN) -- C:\Windows\SysNative\drivers\avmcowan.sys (AVM GmbH)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (Null) -- C:\Windows\SysWow64\NULL ()
DRV - (PCDSRVC{1E208CE0-FB7451FF-06020200}_0) -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D1 E6 22 1C E7 BC CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d}:1.5.1.1
FF - prefs.js..extensions.enabledAddons: fb_add_on@avm.de:1.6.3
FF - prefs.js..extensions.enabledAddons: {BCC877E7-7F3F-4632-8338-DAEE4475DE35}:0.20
FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.2
FF - prefs.js..extensions.enabledAddons: maps@ovi.com:5.10.3.0
FF - prefs.js..extensions.enabledAddons: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11215.1124
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.30 17:57:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.07 10:43:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\mail@shopping-preise.de [2012.11.06 14:18:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\firejump@firejump.net [2012.11.06 14:18:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\extension@preispilot.com
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.30 17:57:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.10.11 13:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Extensions
[2012.10.11 13:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.11.10 19:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions
[2012.10.08 17:38:41 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012.09.25 17:42:52 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012.09.25 17:42:51 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\fb_add_on@avm.de
[2012.11.06 14:18:32 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\firejump@firejump.net
[2012.11.06 14:18:32 | 000,000,000 | ---D | M] (Shopping-preise.de) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\mail@shopping-preise.de
[2012.10.18 14:35:29 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\maps@ovi.com
[2012.11.07 17:04:18 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\extension@preispilot.com.xpi
[2012.09.25 18:46:06 | 000,009,282 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\{BCC877E7-7F3F-4632-8338-DAEE4475DE35}.xpi
[2012.07.26 07:33:30 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.07.25 07:44:14 | 000,000,003 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\maps@ovi.com\plugins\package.XPI
[2012.08.27 10:13:16 | 000,001,348 | ---- | M] () -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\searchplugins\wikipdia-fr.xml
[2012.10.31 09:39:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.10.30 17:57:12 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2012.10.30 17:57:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.30 17:57:17 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Hans-Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Hans-Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Hans-Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.11.11 09:39:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [dradio-RecorderTimer] C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe ()
O4 - HKCU..\Run: [Microsoft Location Finder] C:\Program Files (x86)\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} hxxp://bmontessori12.dyndns.org:1119/VatDec.cab (VatCtrl Class)
O16 - DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} hxxp://bmontessori12.dyndns.org:1120/RtspVaPgDec.cab (RtspVaPgCtrlNew Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C8BD92B-6F2C-4827-852A-084480244670}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.11.10 15:28:29 | 000,000,000 | ---D | M] - E:\Autos -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.11 12:26:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hans-Dieter\Desktop\OTL.exe
[2012.11.11 09:49:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.10 19:35:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.10 19:35:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.10 19:35:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.10 19:32:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.10 19:30:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.10 19:25:34 | 004,998,937 | R--- | C] (Swearware) -- C:\Users\Hans-Dieter\Desktop\ComboFix.exe
[2012.11.10 19:17:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.11.10 19:17:00 | 000,000,000 | ---D | C] -- C:\JRT
[2012.11.10 09:34:16 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\Malwarebytes
[2012.11.10 09:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.10 09:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.10 09:34:03 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.10 09:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.09 09:07:40 | 004,918,219 | ---- | C] (Phil Harvey) -- C:\Windows\exiftool.exe
[2012.11.06 14:29:30 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\eXPert PDF Editor
[2012.11.06 14:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visage
[2012.11.06 14:28:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Visagesoft
[2012.11.06 14:18:58 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\CAD-KAS
[2012.11.06 14:18:51 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Editor 3.3
[2012.11.06 14:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Editor 3.3
[2012.11.06 14:18:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Editor 3
[2012.11.06 14:18:32 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll
[2012.11.06 14:18:32 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\DesktopIconForAmazon
[2012.10.31 12:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.10.31 10:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.10.31 10:05:41 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2012.10.31 10:05:41 | 000,100,864 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.10.31 10:05:40 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL
[2012.10.31 10:05:40 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL
[2012.10.31 10:05:40 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2012.10.31 10:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.10.31 10:05:02 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Local\Programs
[2012.10.30 17:57:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.21 13:53:27 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\PC-FAX TX
[2012.10.18 16:16:36 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Local\Apple Computer
[2012.10.18 16:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.10.18 16:16:26 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012.10.18 16:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.10.18 16:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.10.18 16:15:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.10.18 16:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.10.18 16:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.10.18 16:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.10.18 16:14:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.10.17 10:04:09 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Local\kiwi.software.NET
[2012.10.17 10:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\kiwi.software.NET
[2012.10.17 10:03:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kiwi.software.NET
[2012.10.14 14:43:49 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\TeamViewer
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.11 12:29:03 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.11 12:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.11 11:31:37 | 000,865,944 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.11.11 11:31:37 | 000,046,155 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.11.11 09:57:05 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.11 09:57:05 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.11 09:49:18 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.11 09:48:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.11 09:48:52 | 504,717,311 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.11 09:39:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.10 19:18:46 | 004,998,937 | R--- | M] (Swearware) -- C:\Users\Hans-Dieter\Desktop\ComboFix.exe
[2012.11.10 18:25:19 | 000,541,569 | ---- | M] () -- C:\Users\Hans-Dieter\Desktop\adwcleaner.exe
[2012.11.10 16:11:09 | 000,000,000 | ---- | M] () -- C:\Users\Hans-Dieter\defogger_reenable
[2012.11.10 09:34:04 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.10 09:18:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hans-Dieter\Desktop\OTL.exe
[2012.11.09 08:50:34 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.09 08:50:34 | 000,655,802 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.09 08:50:34 | 000,616,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.09 08:50:34 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.09 08:50:34 | 000,106,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.08 18:30:55 | 000,002,374 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.11.08 18:24:21 | 004,918,219 | ---- | M] (Phil Harvey) -- C:\Windows\exiftool.exe
[2012.11.08 12:49:35 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.11.08 12:49:35 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.11.06 14:28:25 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\eXPert PDF Editor.lnk
[2012.11.06 14:18:51 | 000,087,704 | ---- | M] () -- C:\Windows\cadkasdeinst01.exe
[2012.11.06 14:18:51 | 000,000,990 | ---- | M] () -- C:\Users\Hans-Dieter\Desktop\PDF Editor 3.3.lnk
[2012.11.06 14:18:32 | 000,001,478 | ---- | M] () -- C:\Users\Hans-Dieter\Desktop\Amazon.lnk
[2012.11.05 14:54:44 | 000,011,264 | ---- | M] () -- C:\Users\Hans-Dieter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.04 19:32:24 | 000,000,262 | ---- | M] () -- C:\Users\Hans-Dieter\Desktop\Run.lnk
[2012.10.31 12:42:13 | 000,427,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.31 10:05:45 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.10.31 10:05:45 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.10.21 13:54:13 | 000,000,414 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2012.10.21 13:54:13 | 000,000,000 | ---- | M] () -- C:\Windows\brdfxspd.dat
[2012.10.21 13:53:27 | 000,000,166 | ---- | M] () -- C:\Windows\brpcfx.ini
[2012.10.18 16:16:30 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.11 08:55:02 | 000,541,569 | ---- | C] () -- C:\Users\Hans-Dieter\Desktop\adwcleaner.exe
[2012.11.10 19:35:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.10 19:35:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.10 19:35:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.10 19:35:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.10 19:35:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.10 16:11:09 | 000,000,000 | ---- | C] () -- C:\Users\Hans-Dieter\defogger_reenable
[2012.11.10 09:34:04 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.06 14:28:25 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\eXPert PDF Editor.lnk
[2012.11.06 14:18:51 | 000,087,704 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2012.11.06 14:18:51 | 000,000,990 | ---- | C] () -- C:\Users\Hans-Dieter\Desktop\PDF Editor 3.3.lnk
[2012.11.06 14:18:32 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.11.06 14:18:32 | 000,001,478 | ---- | C] () -- C:\Users\Hans-Dieter\Desktop\Amazon.lnk
[2012.11.04 19:32:24 | 000,000,262 | ---- | C] () -- C:\Users\Hans-Dieter\Desktop\Run.lnk
[2012.10.31 10:05:45 | 000,001,160 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.10.31 10:05:45 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.10.18 16:16:30 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.27 16:25:58 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.09.27 12:45:11 | 000,011,264 | ---- | C] () -- C:\Users\Hans-Dieter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.26 13:45:48 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.09.26 09:04:37 | 000,000,414 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.09.26 09:04:37 | 000,000,166 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.09.26 09:04:31 | 000,003,303 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2012.09.26 09:03:43 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.09.26 09:03:43 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.09.26 09:03:42 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.09.26 09:03:41 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.09.26 06:20:08 | 000,865,944 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.09.25 16:59:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.27 10:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2011.09.27 10:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2011.09.27 10:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         


11.11.2012, 12:08   #6
M-K-D-B
/// TB instructor

Hello,

Quote from masin:
No, since the procedure was completed there have been no problems, but can I already be sure that they have been eliminated?

We are still going to run control scans.

Quote from masin:
It would be nice if you could tell me something about this and, above all, give me some pointers on how I can prevent something like this in the future. Unfortunately my GData did not raise an alarm either, but maybe that is not even possible with this hijacker virus.

These "hijackers" are, as so often, adware or PUPs (potentially unwanted programs). They are usually offered during the installation of other software, or in some cases are installed on their own without asking.
Most AV programs or security suites do not detect these pests, because they cannot really do damage to the computer. They are rather quite annoying.

AdwCleaner is a good program that can provide a remedy in such cases.

So, now to the control scans. If they are clean, I will give you a few valuable tips afterwards.

Step 1
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select Perform quick scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".

Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Scan for potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Step 3
Please download SecurityCheck
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and "Run as administrator"
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

Please post with your next reply
  • the log file from MBAM,
  • the log file from ESET,
  • the log file from SecurityCheck.

11.11.2012, 14:14   #7
masin

Brief interim report:
The online scanner has now been running for about 1 h, status: 11%. So it may still take a while until I can deliver. But you surely know that...

Regards, Masin

11.11.2012, 14:51   #8
M-K-D-B
/// TB instructor

Hello,

many thanks for the feedback. Just post the log files as soon as you have everything together.
__________________
Greetings from Bavaria
M-K-D-B

11.11.2012, 14:55   #9
masin

Will do.

Regards, Masin

11.11.2012, 15:20   #10
M-K-D-B
/// TB instructor

12.11.2012, 07:33   #11
masin

Good morning, Matthias,

Now it is finally done; it took almost 10 hours.
Do I need to be concerned because my computer was on the net completely unprotected for about 18 hours?

The logs follow; I am curious about your evaluation.

Have a nice day!

Masin


Malwarebytes Anti-Malware (Test) 1.65.1.1000
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.11.11.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hans-Dieter :: HDS-NEU [Administrator]

Schutz: Aktiviert

11.11.2012 14:03:21
mbam-log-2012-11-11 (14-03-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 208493
Laufzeit: 2 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=284fe10b949d6440a66d32a3e4c61300
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-11 10:49:35
# local_time=2012-11-11 11:49:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=4096 16777215 100 0 4051022 4051022 0 0
# compatibility_mode=5893 16776573 100 94 20318 104269317 0 0
# compatibility_mode=8192 67108863 100 0 3696 3696 0 0
# scanned=621101
# found=19
# cleaned=0
# scan_time=34708
D:\DASI HDD Notebook\Daten1\Download\QUAD_Registry_Cleaner_Installer.exe a variant of Win32/Adware.QUADRegClean application (unable to clean) 00000000000000000000000000000000 I
D:\DASI HDD Notebook\Daten1\Download\SoftonicDownloader47309.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
D:\DASI HDD Notebook\Daten1\Download\SoftonicDownloader_fuer_expert-pdf.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
D:\DASI HDD Notebook\Daten1\Download\vlc-1.1.5-win32.exe Win32/StartPage.OIE trojan (unable to clean) 00000000000000000000000000000000 I
E:\SoftonicDownloader_fuer_expert-pdf.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
E:\downl\SoftonicDownloader_fuer_dropit.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\Geo\cnet2_pictomio_exe(1).exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\Geo\cnet2_pictomio_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\OCR\SoftonicDownloader_fuer_abbyy-finereader.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\OCR\SoftonicDownloader_fuer_cognitive-openocr.exe Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\pdf\SoftonicDownloader_fuer_expert-pdf.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\pdf\SoftonicDownloader_fuer_pdfcreator.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\Video\Setup58_FreeFlvConverter.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\Video\Setup_696FreeFlvConverter.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\Video\SoftonicDownloader_for_kmplayer.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\VLC\VLCMediaPlayerSetup.exe a variant of Win32/Somoto.A application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\windows\registrybooster.exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\windows\SoftonicDownloader_fuer_iconphile.exe a variant of Win32/SoftonicDownloader.E application (unable to clean) 00000000000000000000000000000000 I
E:\Grafik\PosPanoramaPro_SetUp.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
G Data InternetSecurity 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.65.1.1000
Java(TM) 6 Update 35
Java(TM) 6 Update 2
Java version out of Date!
Adobe Flash Player 11.5.502.110
Adobe Reader X (10.1.4)
Mozilla Firefox (Firefox.)
Mozilla Thunderbird (15.0.1)
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
G Data InternetSecurity Firewall GDFirewallTray.exe
G Data InternetSecurity Firewall GDFwSvcx64.exe
T-Online T-Online_Software_6 eMail Mail.exe
T-Online T-ONLI~1 BASIS-~1 Basis2\PROFIL~1.EXE
T-Online T-ONLI~1 BASIS-~1 Basis2\kernel.exe
T-Online T-ONLI~1 BASIS-~1 Basis2\sc_watch.exe
T-Online T-ONLI~1 Notifier Notifier.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

12.11.2012, 16:20   #12
M-K-D-B
/// TB Trainer

Hello,

stay away from Softonic, otherwise you will just end up picking up a lot of junk again.

Step 1
As with the ESET Online Scanner, connect all external drives (in your case D:\ and E:\) to the computer!
  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
:files
D:\DASI HDD Notebook\Daten1\Download\QUAD_Registry_Cleaner_Installer.exe
D:\DASI HDD Notebook\Daten1\Download\SoftonicDownloader47309.exe
D:\DASI HDD Notebook\Daten1\Download\SoftonicDownloader_fuer_expert-pdf.exe
D:\DASI HDD Notebook\Daten1\Download\vlc-1.1.5-win32.exe
E:\SoftonicDownloader_fuer_expert-pdf.exe
E:\downl\SoftonicDownloader_fuer_dropit.exe
E:\Downloads\Geo\cnet2_pictomio_exe(1).exe
E:\Downloads\Geo\cnet2_pictomio_exe.exe
E:\Downloads\OCR\SoftonicDownloader_fuer_abbyy-finereader.exe
E:\Downloads\OCR\SoftonicDownloader_fuer_cognitive-openocr.exe
E:\Downloads\pdf\SoftonicDownloader_fuer_expert-pdf.exe
E:\Downloads\pdf\SoftonicDownloader_fuer_pdfcreator.exe
E:\Downloads\Video\Setup58_FreeFlvConverter.exe
E:\Downloads\Video\Setup_696FreeFlvConverter.exe
E:\Downloads\Video\SoftonicDownloader_for_kmplayer.exe
E:\Downloads\VLC\VLCMediaPlayerSetup.exe
E:\Downloads\windows\registrybooster.exe
E:\Downloads\windows\SoftonicDownloader_fuer_iconphile.exe
E:\Grafik\PosPanoramaPro_SetUp.exe

:Commands
[reboot]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

Step 2
Please download delfix to your desktop.
  • Start delfix with a double-click.
  • Click Suche (Search).
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\DelFix[R1].txt.

In your next reply, please post
  • the log file from OTL,
  • the log file from Delfix.
__________________
Greetings from Bavaria
M-K-D-B

12.11.2012, 16:41   #13
masin

Hello Matthias,

thank you for your reply and the further instructions. I had more or less suspected the Softonic issue when I read the log this morning.

Here are the two new logs, with two remarks first:
- the Delfix scan took less than a second,
- today I transferred a small donation for your board's exemplary work. The design of the website, the instructions and the fast response time are hardly beaten even by professional companies.

Thanks and regards

Masin



========== OTL ==========
========== FILES ==========
D:\DASI HDD Notebook\Daten1\Download\QUAD_Registry_Cleaner_Installer.exe moved successfully.
D:\DASI HDD Notebook\Daten1\Download\SoftonicDownloader47309.exe moved successfully.
D:\DASI HDD Notebook\Daten1\Download\SoftonicDownloader_fuer_expert-pdf.exe moved successfully.
D:\DASI HDD Notebook\Daten1\Download\vlc-1.1.5-win32.exe moved successfully.
E:\SoftonicDownloader_fuer_expert-pdf.exe moved successfully.
E:\downl\SoftonicDownloader_fuer_dropit.exe moved successfully.
E:\Downloads\Geo\cnet2_pictomio_exe(1).exe moved successfully.
E:\Downloads\Geo\cnet2_pictomio_exe.exe moved successfully.
E:\Downloads\OCR\SoftonicDownloader_fuer_abbyy-finereader.exe moved successfully.
E:\Downloads\OCR\SoftonicDownloader_fuer_cognitive-openocr.exe moved successfully.
E:\Downloads\pdf\SoftonicDownloader_fuer_expert-pdf.exe moved successfully.
E:\Downloads\pdf\SoftonicDownloader_fuer_pdfcreator.exe moved successfully.
E:\Downloads\Video\Setup58_FreeFlvConverter.exe moved successfully.
E:\Downloads\Video\Setup_696FreeFlvConverter.exe moved successfully.
E:\Downloads\Video\SoftonicDownloader_for_kmplayer.exe moved successfully.
E:\Downloads\VLC\VLCMediaPlayerSetup.exe moved successfully.
E:\Downloads\windows\registrybooster.exe moved successfully.
E:\Downloads\windows\SoftonicDownloader_fuer_iconphile.exe moved successfully.
E:\Grafik\PosPanoramaPro_SetUp.exe moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 11122012_172959

# AdwCleaner v6.2 - Datei am 12/11/2012 um 17:34:57 erstellt
# Aktualisiert am 11/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Hans-Dieter - HDS-NEU
# Ausgeführt unter : C:\Users\Hans-Dieter\Desktop\delfix.exe
# Option [Suche]


~~~~~~ Ordner ~~~~~~

Gefunden : C:\Qoobox
Gefunden : C:\JRT
Gefunden : C:\_OTL

~~~~~~ Datei(en) ~~~~~~

Gefunden : C:\AdwCleaner[S1].txt
Gefunden : C:\ComboFix.txt
Gefunden : C:\Users\Hans-Dieter\Desktop\adwcleaner.exe
Gefunden : C:\Users\Hans-Dieter\Desktop\AdwCleaner[S1].txt
Gefunden : C:\Users\Hans-Dieter\Desktop\ComboFix.exe
Gefunden : C:\Users\Hans-Dieter\Desktop\ComboFix.txt
Gefunden : C:\Users\Hans-Dieter\Desktop\Extras.Txt
Gefunden : C:\Users\Hans-Dieter\Desktop\JRT.txt
Gefunden : C:\Users\Hans-Dieter\Desktop\OTL.Txt
Gefunden : C:\Users\Hans-Dieter\Desktop\OTL.exe
Gefunden : C:\Users\Hans-Dieter\Desktop\SecurityCheck.exe
Gefunden : C:\Windows\grep.exe
Gefunden : C:\Windows\PEV.exe
Gefunden : C:\Windows\NIRCMD.exe
Gefunden : C:\Windows\MBR.exe
Gefunden : C:\Windows\SED.exe
Gefunden : C:\Windows\SWREG.exe
Gefunden : C:\Windows\SWSC.exe
Gefunden : C:\Windows\SWXCACLS.exe
Gefunden : C:\Windows\Zip.exe

~~~~~~ Registrierungsdatenbank ~~~~~~

Schlüssel gefunden : HKLM\SOFTWARE\OldTimer Tools
Schlüssel gefunden : HKLM\SOFTWARE\AdwCleaner
Schlüssel gefunden : HKLM\SOFTWARE\Swearware
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~~~~~~ Sonstiges ~~~~~~


*************************

DelFix[R1].txt - [1579 octets] - [12/11/2012 17:34:57]

########## EOF - C:\DelFix[R1].txt - [1703 octets] ##########
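
Added example (not part of the thread and not code from any of the tools mentioned): a Python check that parses ESET Online Scanner detection lines in the format quoted in post #11 and reconciles them with the "moved successfully" lines of an OTL fix log, reporting any detected file that was not moved. The sample logs, their paths and all function names are constructed for illustration; only the detection names are taken from the thread.

```python
import re
from collections import Counter

# Constructed sample in the ESET Online Scanner log format quoted in the thread
# (paths are made up; detection names are ones that appear in the thread).
ESET_LOG = r"""# version=7
# found=4
# cleaned=0
C:\Temp Files\Download\SoftonicDownloader_example.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Temp Files\Geo\cnet2_example_exe(1).exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Temp Files\player-1.1.5-win32.exe Win32/StartPage.OIE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Temp Files\Video\Setup_example.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
"""

# Constructed OTL fix log: one detected file is deliberately missing,
# and one path differs only in letter case (Windows paths are case-insensitive).
OTL_LOG = r"""========== FILES ==========
C:\Temp Files\Download\SoftonicDownloader_example.exe moved successfully.
c:\temp files\geo\cnet2_example_exe(1).exe moved successfully.
C:\Temp Files\player-1.1.5-win32.exe moved successfully.
========== COMMANDS ==========
"""

HEADER = re.compile(r"^#\s*(\w+)=(.*)$")
# The path may contain spaces, dots and parentheses, so it is matched lazily and
# delimited by the detection name, which is the first token containing "/".
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<variant>a variant of\s+)?"
    r"(?P<name>\w+/\S+)\s+(?P<kind>\w+)\s+\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+\w+$"
)
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+) moved successfully\.$")


def parse_eset(text):
    """Return (header dict, list of detection dicts) from an ESET scan log."""
    meta, hits = {}, []
    for line in map(str.strip, text.splitlines()):
        header = HEADER.match(line)
        if header:
            meta[header.group(1)] = header.group(2)  # repeated keys: last wins
            continue
        detection = DETECTION.match(line)
        if detection:
            hits.append(detection.groupdict())
    return meta, hits


def parse_otl_moved(text):
    """Return the lower-cased paths OTL reports as moved to quarantine."""
    matches = (MOVED.match(line.strip()) for line in text.splitlines())
    return {m.group("path").lower() for m in matches if m}


def reconcile(eset_text, otl_text):
    """Compare what ESET detected with what OTL actually moved."""
    meta, hits = parse_eset(eset_text)
    moved = parse_otl_moved(otl_text)
    detected = {h["path"].lower(): h for h in hits}
    return {
        # "# found=N" should equal the number of detection lines parsed
        "header_count_ok": int(meta.get("found", -1)) == len(hits),
        "by_kind": Counter(h["kind"] for h in hits),
        "by_name": Counter(h["name"] for h in hits),
        "not_moved": sorted(h["path"] for p, h in detected.items() if p not in moved),
        "moved_but_not_detected": sorted(moved - set(detected)),
    }


if __name__ == "__main__":
    for key, value in reconcile(ESET_LOG, OTL_LOG).items():
        print(f"{key}: {value}")
```

An empty `not_moved` list together with `header_count_ok` being true means every file the scanner reported is accounted for in the fix log.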

12.11.2012, 17:13   #14
M-K-D-B
/// TB Trainer

Hello,

on behalf of the team, thank you very much for the donation.

If you have no more problems, then we are finished here. Your log files are clean.
To finish, we still need to take a few final steps to clean up and secure your PC.

Step 1
Your Java is no longer up to date. Older versions contain security vulnerabilities that can be abused by malware.
  • Please download the latest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start the jxpiinstall.exe. It will download the installer for the latest Java version ( Java 7 Update 9 ).
  • Uncheck the box for "Installieren Sie die Ask-Toolbar ..." (install the Ask toolbar) during the installation.
  • When the installation has finished, go to
    Start --> Control Panel --> Add or Remove Programs / Programs and uninstall all older Java versions.
  • Restart your computer as soon as all older versions have been uninstalled.
After the restart
  • Open the Control Panel again --> Programs and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure that every box is checked and click OK.
  • Click OK again.

Step 2
Please uninstall your current version of Adobe Reader
Start--> Control Panel--> Add or Remove Programs / Uninstall a program--> Adobe Reader
and download the new version from here.
Uncheck the box for McAfee SecurityScan or Google Chrome.

Step 3
  • Click > Help > About Firefox
  • Wait until the update has loaded, click Install update and let Firefox restart.
  • Please check whether further updates are available or whether Firefox is up to date.
  • Now click > Add-ons > > Check for updates
  • After another restart of Firefox everything should be up to date.

Please also check (regularly) whether the following links show missing updates for your plugins:

Step 4
Before the following action, please temporarily disable your antivirus program, any script blocking and anti-malware programs again.

Press Windows key + R. Now copy the following line into the command line and click OK.
Code:
Combofix /Uninstall
         


This removes Combofix completely and clears the System Restore cache, so that the malware disappears from there as well.

Now re-enable the programs you just disabled.

Step 5
  • Close all open programs and browsers.
  • Start delfix.exe with a double-click.
  • Click Löschen (Delete).
  • A text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\DelFix[S1].txt.
  • Finally, click Deinstallation (Uninstall).
  • Confirm with Ja (Yes).

Step 6
Here are a few more tips for securing your system.

I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.

Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.

Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on its use here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.

Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.

Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They do your system more harm than good. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts
  • Do not click on everything just because it prompts you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not recognise. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe.
All that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Greetings from Bavaria
M-K-D-B

13.11.2012, 07:53   #15
masin

Hello Matthias,

thanks to your help the problem now appears to be resolved.
Below is the DelFix[S1].txt.

Finally, a few remarks on the measures you recommended.
Steps 1 to 5 are completely clear.
On step 6 the following: Of course I try to keep my system up to date at all times; Windows Update goes without saying, and always having current versions of the browser (Firefox) and other software is also clear. For the latter you recommend Secunia Online. There I am advised to upgrade relatively expensive programs such as Photoshop and Dreamweaver, although I assume that these older versions are also secure and that the newer versions essentially just offer more features. Is that right?
For my FTP program Core FTP LE, Secunia asks me to contact support and send data (see attachment). After pressing the send button, nothing at all has happened for almost 30 minutes now. I will probably contact Secunia directly.

One of your most important pieces of advice is without doubt the warning about Softonic. In the past I almost always remembered to deselect the installation of unwanted software such as toolbars and so on, but apparently not always.

So once again many thanks for your efforts, and yours in particular. I also looked at your offer of training in your academy and would certainly be keen, but surely not at my age anymore (67).

Continued success with your board!

Best regards

Masin


# AdwCleaner v6.2 - Datei am 12/11/2012 um 18:51:43 erstellt
# Aktualisiert am 11/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Hans-Dieter - HDS-NEU
# Ausgeführt unter : C:\Users\Hans-Dieter\Desktop\delfix.exe
# Option [Löschen]


~~~~~~ Ordner ~~~~~~

Gelöscht : C:\JRT
Gelöscht : C:\_OTL

~~~~~~ Datei(en) ~~~~~~

Gelöscht : C:\AdwCleaner[S1].txt
Gelöscht : C:\ComboFix.txt
Gelöscht : C:\Users\Hans-Dieter\Desktop\adwcleaner.exe
Gelöscht : C:\Users\Hans-Dieter\Desktop\AdwCleaner[S1].txt
Gelöscht : C:\Users\Hans-Dieter\Desktop\ComboFix.txt
Gelöscht : C:\Users\Hans-Dieter\Desktop\Extras.Txt
Gelöscht : C:\Users\Hans-Dieter\Desktop\JRT.txt
Gelöscht : C:\Users\Hans-Dieter\Desktop\OTL.Txt
Gelöscht : C:\Users\Hans-Dieter\Desktop\OTL.exe
Gelöscht : C:\Users\Hans-Dieter\Desktop\SecurityCheck.exe

~~~~~~ Registrierungsdatenbank ~~~~~~

Schlüssel gelöscht : HKLM\SOFTWARE\OldTimer Tools
Schlüssel gelöscht : HKLM\SOFTWARE\AdwCleaner
Schlüssel gelöscht : HKLM\SOFTWARE\Swearware

~~~~~~ Sonstiges ~~~~~~

-> Prefetch Geleert

*************************

DelFix[R1].txt - [1700 octets] - [12/11/2012 17:34:57]
DelFix[S1].txt - [1199 octets] - [12/11/2012 18:51:43]

########## EOF - C:\DelFix[S1].txt - [1323 octets] ##########
Attached image: secunia1.jpg

Last edited by masin (13.11.2012 at 08:22)
