Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.10.2013, 17:15   #1
imebro
 
Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab - Standard

Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab



Hallo,

gestern Abend wollte ich mir das Fußballspiel Dortmund : Marseille anschauen.
Der Livestream startete nicht sofort... man mußte zunächst ein Programm installieren. Das habe ich getan und das war wohl ein Fehler

Wenn ich nun in Firefox einen neuen Tab öffne, erscheint immer die folgende Seite:

hxxp://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx


--> komisch... das "hxxp://" sehe ich jetzt erst, wo ich den Link hier rein kopiert habe ;-)

Ich habe zwar hier im Forum schon darüber gelesen, aber auch, dass man besser nichts alleine unternehmen soll. Leider habe ich das zu spät gelesen und habe schon ein paar Dinge durchgeführt.

Auch habe ich schon mal die entsprechende Toolbar deinstalliert.

Hier die durchgeführten Codes:

1) ADW-Cleaner:

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.006 - Bericht erstellt am 01/10/2013 um 21:35:06
# Updated 01/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Ingo - INGOS-LAPTOP
# Gestartet von : C:\Users\Ingo\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\HDvidCodec.com
Ordner Gelöscht : C:\Program Files (x86)\IminentToolbar
Ordner Gelöscht : C:\Program Files (x86)\Mein Gutscheincode Finder
Ordner Gelöscht : C:\Program Files (x86)\Plus-HD-2.2
[x] Nicht Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Umbrella
Ordner Gelöscht : C:\Users\Ingo\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Ingo\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\Ingo\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Ingo\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Ingo\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\Ingo\AppData\LocalLow\PriceGong
[x] Nicht Gelöscht : C:\Users\Ingo\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\softonic-de3
Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\e52n97zr.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Ordner Gelöscht : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\lo97a2qd.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Ordner Gelöscht : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\lo97a2qd.default\Extensions\{C50CA3C4-5656-43C2-A061-13E717F73FC8}
Ordner Gelöscht : C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\searchplugins\ask-search.xml
Datei Gelöscht : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\lo97a2qd.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\e52n97zr.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\e52n97zr.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\e52n97zr.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\e52n97zr.default\searchplugins\icqplugin-3.xml
Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\e52n97zr.default\searchplugins\icqplugin-4.xml
Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\e52n97zr.default\searchplugins\icqplugin-5.xml
Datei Gelöscht : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\searchplugins\iminent.xml
Datei Gelöscht : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\lo97a2qd.default\user.js
Datei Gelöscht : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\user.js
Datei Gelöscht : C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job
Datei Gelöscht : C:\Windows\System32\Tasks\Plus-HD-2.2-chromeinstaller
Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job
Datei Gelöscht : C:\Windows\System32\Tasks\Plus-HD-2.2-codedownloader
Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.2-enabler.job
Datei Gelöscht : C:\Windows\System32\Tasks\Plus-HD-2.2-enabler
Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
Datei Gelöscht : C:\Windows\System32\Tasks\Plus-HD-2.2-firefoxinstaller
Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.2-updater.job
Datei Gelöscht : C:\Windows\System32\Tasks\Plus-HD-2.2-updater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader94947_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader94947_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_artweaver-plus_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_artweaver-plus_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-cd-ripper_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-cd-ripper_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_phpmyadmin_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_phpmyadmin_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_radiojack_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_radiojack_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_slimdrivers_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_slimdrivers_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Plus-HD-2.2
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\TENCENT
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\eok8o42u.Websitebaker\prefs.js ]


[ Datei : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\l3vxubqb.WB\prefs.js ]


[ Datei : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\lo97a2qd.default\prefs.js ]

Zeile gelöscht : user_pref("pttl.menu-search-groups-tab", false);
Zeile gelöscht : user_pref("pttl.menu-search-groups-win", false);
Zeile gelöscht : user_pref("quickstores.toolbar.affid", "2003");
Zeile gelöscht : user_pref("quickstores.toolbar.guid", "{C88C2B10-BAB9-A4D8-68D5-6ACB9CA5A605}");

[ Datei : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\prefs.js ]

Zeile gelöscht : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gelöscht : user_pref("CT2431245.CTID", "CT2431245");
Zeile gelöscht : user_pref("CT2431245.CurrentServerDate", "24-9-2010");
Zeile gelöscht : user_pref("CT2431245.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2431245.DownloadReferralCookieData", "");
Zeile gelöscht : user_pref("CT2431245.EMailNotifierPollDate", "Fri Sep 24 2010 20:20:08 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedLastCount129009402595187825", 496);
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634014180506963", "Fri Sep 24 2010 20:20:11 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634014269327586", "Fri Sep 24 2010 20:20:09 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634014329599698", "Fri Sep 24 2010 20:20:09 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634014537505092", "Fri Sep 24 2010 20:20:09 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634014970726540", "Fri Sep 24 2010 20:20:09 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634015410831318", "Fri Sep 24 2010 20:20:11 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634015483395460", "Fri Sep 24 2010 20:20:10 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634015636754705", "Fri Sep 24 2010 20:20:10 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634015768347545", "Fri Sep 24 2010 20:20:10 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634015855543602", "Fri Sep 24 2010 20:20:09 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016030710453", "Fri Sep 24 2010 20:20:09 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016114705611", "Fri Sep 24 2010 20:20:11 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016129205152", "Fri Sep 24 2010 20:20:11 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016143724791", "Fri Sep 24 2010 20:20:11 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016271239162", "Fri Sep 24 2010 20:20:11 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016568520719", "Fri Sep 24 2010 20:20:10 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016726993788", "Fri Sep 24 2010 20:20:09 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017109031809", "Fri Sep 24 2010 20:20:10 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017132743740", "Fri Sep 24 2010 20:20:10 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017299547668", "Fri Sep 24 2010 20:20:11 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017302327846", "Fri Sep 24 2010 20:20:10 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017344111490", "Fri Sep 24 2010 20:20:09 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017478360748", "Fri Sep 24 2010 20:20:12 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017732797593", "Fri Sep 24 2010 20:20:09 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017821686064", "Fri Sep 24 2010 20:20:11 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634018090228721", "Fri Sep 24 2010 20:20:11 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedTTL7470634014269327586", 5);
Zeile gelöscht : user_pref("CT2431245.FeedTTL7470634014537505092", 5);
Zeile gelöscht : user_pref("CT2431245.FeedTTL7470634014970726540", 2);
Zeile gelöscht : user_pref("CT2431245.FeedTTL7470634015636754705", 5);
Zeile gelöscht : user_pref("CT2431245.FeedTTL7470634016568520719", 30);
Zeile gelöscht : user_pref("CT2431245.FirstServerDate", "24-9-2010");
Zeile gelöscht : user_pref("CT2431245.FirstTime", true);
Zeile gelöscht : user_pref("CT2431245.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT2431245.FirstTimeSettingsDone", true);
Zeile gelöscht : user_pref("CT2431245.FixPageNotFoundErrors", true);
Zeile gelöscht : user_pref("CT2431245.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gelöscht : user_pref("CT2431245.Initialize", true);
Zeile gelöscht : user_pref("CT2431245.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT2431245.InstallationAndCookieDataSentCount", 1);
Zeile gelöscht : user_pref("CT2431245.InstallationType", "UnknownIntegration");
Zeile gelöscht : user_pref("CT2431245.InstalledDate", "Fri Sep 24 2010 20:20:08 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.InvalidateCache", false);
Zeile gelöscht : user_pref("CT2431245.IsGrouping", false);
Zeile gelöscht : user_pref("CT2431245.IsMulticommunity", false);
Zeile gelöscht : user_pref("CT2431245.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("CT2431245.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("CT2431245.LanguagePackLastCheckTime", "Fri Sep 24 2010 20:20:10 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gelöscht : user_pref("CT2431245.LastLogin_2.7.1.3", "Fri Sep 24 2010 20:20:10 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.LatestVersion", "2.7.2.0");
Zeile gelöscht : user_pref("CT2431245.Locale", "de-de");
Zeile gelöscht : user_pref("CT2431245.LoginCache", 4);
Zeile gelöscht : user_pref("CT2431245.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT2431245.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT2431245.RadioIsPodcast", false);
Zeile gelöscht : user_pref("CT2431245.RadioLastCheckTime", "Fri Sep 24 2010 20:20:11 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.RadioLastUpdateIPServer", "3");
Zeile gelöscht : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
Zeile gelöscht : user_pref("CT2431245.RadioMediaID", "20503672");
Zeile gelöscht : user_pref("CT2431245.RadioMediaType", "Media Player");
Zeile gelöscht : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672");
Zeile gelöscht : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland");
Zeile gelöscht : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u");
Zeile gelöscht : user_pref("CT2431245.SavedHomepage", "hxxp://www.google.de/ig?hl=de&source=iglk");
Zeile gelöscht : user_pref("CT2431245.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2431245&octid=EB_ORIGINAL_CTID&SearchSource=1");
Zeile gelöscht : user_pref("CT2431245.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q=");
Zeile gelöscht : user_pref("CT2431245.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Fri Sep 24 2010 20:20:10 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2431245.SettingsCheckIntervalMin", 120);
Zeile gelöscht : user_pref("CT2431245.SettingsLastCheckTime", "Fri Sep 24 2010 20:20:07 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.SettingsLastUpdate", "1284303435");
Zeile gelöscht : user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
Zeile gelöscht : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Fri Sep 24 2010 20:20:06 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1255348257");
Zeile gelöscht : user_pref("CT2431245.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Zeile gelöscht : user_pref("CT2431245.UserID", "UN63168868325081721");
Zeile gelöscht : user_pref("CT2431245.WeatherNetwork", "");
Zeile gelöscht : user_pref("CT2431245.WeatherPollDate", "Fri Sep 24 2010 20:20:10 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.WeatherUnit", "C");
Zeile gelöscht : user_pref("CT2431245.alertChannelId", "825452");
Zeile gelöscht : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Zeile gelöscht : user_pref("CT2431245.clientLogIsEnabled", false);
Zeile gelöscht : user_pref("CT2431245.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("CT2431245.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT2431245.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("CT2431245.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"803651ba7facb1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
Zeile gelöscht : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Zeile gelöscht : user_pref("CommunityToolbar.IsEngineShown", false);
Zeile gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=slv5-ab-&p=");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2431245");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2431245");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun May 01 2011 21:07:04 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun May 01 2011 21:07:01 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1303303927");
Zeile gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Zeile gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userId", "0f96ce25-f01d-423e-8042-82fdc3aebda6");
Zeile gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Sep 24 2010 20:20:10 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2431245");
Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "softonic-de3 Customized Web Search");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}");
Zeile gelöscht : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Zeile gelöscht : user_pref("extensions.toolbar_CME-V7@apn.ask.com.install-event-fired", true);
Zeile gelöscht : user_pref("extensions.tweaktube.addit.remoteInstallItems", "{ \"software\": {\"13\": {\"id\": \"13\",\"title\": \"PriceGong\",\"type\": \"XPI\",\"url\": \"hxxps://www.softpublisher.com/downloads/price[...]
Zeile gelöscht : user_pref("extensions.vshare@toolbar.update.enabled", false);
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
Zeile gelöscht : user_pref("pttl.menu-search-groups-tab", false);
Zeile gelöscht : user_pref("pttl.menu-search-groups-win", false);
Zeile gelöscht : user_pref("quickstores.toolbar.affid", "2003");
Zeile gelöscht : user_pref("quickstores.toolbar.guid", "{C88C2B10-BAB9-A4D8-68D5-6ACB9CA5A605}");

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\e52n97zr.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
Zeile gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Zeile gelöscht : user_pref("icqtoolbar.engineVerified", false);
Zeile gelöscht : user_pref("icqtoolbar.geolastmodified", 1309511571);
Zeile gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Zeile gelöscht : user_pref("icqtoolbar.history", "bmw%20enduro||bmw%20motorrad%20cross||tr||eigene%20fritzbox%20webadresse||fritzbox%20seite%20webadresse||fritzbox%20seite%20%20webadresse||fritzbox%20seite%20adresse||[...]
Zeile gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Zeile gelöscht : user_pref("icqtoolbar.installTime", "1309162272");
Zeile gelöscht : user_pref("icqtoolbar.installsource", "1");
Zeile gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Zeile gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Zeile gelöscht : user_pref("icqtoolbar.previousFFVersion", "5.0");
Zeile gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Zeile gelöscht : user_pref("icqtoolbar.suggestions", false);
Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "128905353312890534951294237825028");
Zeile gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1309511574);
Zeile gelöscht : user_pref("icqtoolbar.version", "1.2.6");
Zeile gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Zeile gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Zeile gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=");

-\\ Google Chrome v

[ Datei : C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [33576 octets] - [01/10/2013 21:15:36]
AdwCleaner[S0].txt - [32276 octets] - [01/10/2013 21:35:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [32337 octets] ##########
         
--- --- ---


2. dds.txt

DDS Logfile:
Code:
ATTFilter
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.25.2
Run by Ingo at 22:38:09 on 2013-10-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4063.1967 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\PROGRAM FILES\IDT\WDM\STACSV64.EXE
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
C:\PROGRAM FILES\IDT\WDM\AESTSR64.EXE
C:\Program Files (x86)\Backup Service Home 3\BSHService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
F:\DHCP-Server\dhcpsrv.exe
C:\PROGRAM FILES\INTEL\WIFI\BIN\EVTENG.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Avast5\AvastUI.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\SysWOW64\NlsSrv32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
D:\programme\maxdome\DCBin\DCService.exe
C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\REGSRVC.EXE
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
D:\Programme\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
D:\Programme\System Explorer\service\SystemExplorerService64.exe
D:\Programme\Secunia\PSI\sua.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.de/
mWinlogon: Userinit = userinit.exe,
BHO: {11111111-1111-1111-1111-110311301136} - <orphaned>
BHO: {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - <orphaned>
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Avast5\aswWebRepIE.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - <orphaned>
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Avast5\aswWebRepIE.dll
uRun: [clipdiary] D:\Programme\Clipdiary\clipdiary.exe
uRun: [MWSnap] "C:\Program Files (x86)\MWSnap\MWSnap.exe"
uRun: [DeskSave] D:\Programme\Desksave\DeskSave.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [PureSync] "C:\Program Files (x86)\PureSync\PureSyncTray.exe"
uRun: [SystemExplorerAutoStart] "D:\Programme\System Explorer\SystemExplorer.exe" /TRAY
mRun: [AdressLittle] D:\Programme\Adress Little 2.0\ageb.exe /geb
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [avast] "C:\Program Files (x86)\Avast5\avastUI.exe" /nogui
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
StartupFolder: C:\Users\Ingo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PERSBA~1.LNK - D:\Programme\Personal Backup 5\Persbackup.exe
StartupFolder: C:\Users\Ingo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SYSTEM~1\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
StartupFolder: C:\Users\Ingo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SYSTEM~1\SYSTEM~1.LNK - D:\Programme\System Explorer\SystemExplorer.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - D:\Programme\Secunia\PSI\psi_tray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: add to &BOM - D:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - C:\Users\Ingo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - C:\Users\Ingo\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.178.1
TCP: Interfaces\{27B2EBF4-4FE1-4E15-85D3-A92B7F9110BF} : NameServer = 192.168.178.1
TCP: Interfaces\{F0DE66A5-7F08-4BB9-B55E-D34FE758B7CE} : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{F0DE66A5-7F08-4BB9-B55E-D34FE758B7CE}\64259445A51224F6870273333303 : DHCPNameServer = 192.168.178.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
SEH: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Plus-HD-2.2: {11111111-1111-1111-1111-110311301136} - 
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Avast5\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: ExplorerWatcher Class: {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - d:\Programme\Clover\TabHelper64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Avast5\aswWebRepIE64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - component: C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\extensions\fb_add_on@avm.de\components\FB_AddOn.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Ingo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: D:\Programme\Foxit Reader\plugins\npfoxitpdf.dll
FF - plugin: D:\Programme\Foxit Reader\plugins\npFoxitReaderPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-28 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-28 204880]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-2-24 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-8-23 378944]
R1 raddrvv3;raddrvv3;C:\Windows\SysWOW64\rserver30\raddrvv3.sys [2007-10-31 68632]
R1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\System32\drivers\uim_vimx64.sys [2011-11-17 352816]
R2 AAV UpdateService;AAV UpdateService;C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-8 89600]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-8-23 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-8-23 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files (x86)\Avast5\AvastSvc.exe [2013-10-1 46808]
R2 Backup Service Home-Dienst;Backup Service Home-Dienst;C:\Program Files (x86)\Backup Service Home 3\BSHService.exe [2012-9-14 17920]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 DHCPServer;DHCP Server;F:\DHCP-Server\dhcpsrv.exe [2011-11-21 106496]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\System32\NlsSrv32.exe --> C:\Windows\System32\NlsSrv32.exe [?]
R2 Prosieben;maxdome Download Manager;D:\Programme\maxdome\DCBin\DCService.exe [2009-5-1 77032]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-12 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;D:\Programme\Secunia\PSI\PSIA.exe --start-service --> D:\Programme\Secunia\PSI\PSIA.exe --start-service [?]
R2 Secunia Update Agent;Secunia Update Agent;D:\Programme\Secunia\PSI\sua.exe --start-service --> D:\Programme\Secunia\PSI\sua.exe --start-service [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 mirrorv3;mirrorv3;C:\Windows\System32\drivers\rminiv3.sys [2007-8-17 5632]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-8 533096]
R3 SystemExplorerHelpService;System Explorer Service;D:\Programme\System Explorer\service\SystemExplorerService64.exe [2012-2-24 807896]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;C:\Windows\System32\drivers\hcw95bda.sys [2012-3-22 658944]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;C:\Windows\System32\drivers\hcw95rc.sys [2012-3-22 19840]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2013-3-5 327704]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2013-3-5 6379288]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw1v64.sys [2009-10-15 7058432]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RServer3;Radmin Server V3;C:\Windows\SysWOW64\rserver30\rserver3.exe [2007-10-31 1246536]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-15 225280]
S3 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-3-2 25504]
S3 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-3-2 27584]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2011-9-8 15672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-23 59392]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-29 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="D:\Programme\Notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-10-01 19:54:50	76232	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05FF8AE9-4E04-4A59-8895-29D28278704A}\offreg.dll
2013-10-01 19:14:50	--------	d-----w-	C:\AdwCleaner
2013-10-01 18:09:52	--------	d-----w-	C:\Program Files (x86)\HDvid Codec V1
2013-10-01 17:30:08	108968	----a-w-	C:\Windows\System32\WindowsAccessBridge-64.dll
2013-10-01 17:04:46	9694160	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05FF8AE9-4E04-4A59-8895-29D28278704A}\mpengine.dll
2013-09-11 18:22:48	155584	----a-w-	C:\Windows\System32\drivers\ataport.sys
2013-09-11 18:19:59	16384	----a-w-	C:\Windows\System32\ntvdm64.dll
2013-09-11 18:17:44	3155456	----a-w-	C:\Windows\System32\win32k.sys
.
==================== Find3M  ====================
.
2013-10-01 17:29:44	973736	----a-w-	C:\Windows\System32\deployJava1.dll
2013-10-01 17:29:44	1095080	----a-w-	C:\Windows\System32\npDeployJava1.dll
2013-09-19 17:59:47	692616	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-19 17:59:46	71048	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-30 07:48:10	72016	----a-w-	C:\Windows\System32\drivers\aswRdr2.sys
2013-08-30 07:48:10	65336	----a-w-	C:\Windows\System32\drivers\aswRvrt.sys
2013-08-30 07:48:10	204880	----a-w-	C:\Windows\System32\drivers\aswVmm.sys
2013-08-30 07:48:10	1030952	----a-w-	C:\Windows\System32\drivers\aswSnx.sys
2013-08-30 07:48:09	80816	----a-w-	C:\Windows\System32\drivers\aswMonFlt.sys
2013-08-30 07:47:40	41664	----a-w-	C:\Windows\avastSS.scr
2013-08-10 05:22:18	2241024	----a-w-	C:\Windows\System32\wininet.dll
2013-08-10 05:20:59	3959296	----a-w-	C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55	67072	----a-w-	C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55	136704	----a-w-	C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10	1767936	----a-w-	C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09	2876928	----a-w-	C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06	61440	----a-w-	C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06	109056	----a-w-	C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38	2706432	----a-w-	C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50	2706432	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59	89600	----a-w-	C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19	71680	----a-w-	C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-07 02:22:02	278800	------w-	C:\Windows\System32\MpSigStub.exe
2013-08-02 02:23:53	5550528	----a-w-	C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44	1732032	----a-w-	C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03	362496	----a-w-	C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03	243712	----a-w-	C:\Windows\System32\wow64.dll
2013-08-02 02:15:03	13312	----a-w-	C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57	215040	----a-w-	C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34	424448	----a-w-	C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30	3968960	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30	3913664	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23	1292192	----a-w-	C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42	5120	----a-w-	C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42	274944	----a-w-	C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17	338432	----a-w-	C:\Windows\System32\conhost.exe
2013-08-02 00:59:09	112640	----a-w-	C:\Windows\System32\smss.exe
2013-08-02 00:45:37	25600	----a-w-	C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36	14336	----a-w-	C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35	7680	----a-w-	C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34	2048	----a-w-	C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05	6144	---ha-w-	C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05	4608	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05	3584	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05	3072	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54	1888768	----a-w-	C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27	1620992	----a-w-	C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42	2048	----a-w-	C:\Windows\System32\tzres.dll
2013-07-19 01:41:01	2048	----a-w-	C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52	224256	----a-w-	C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16	1217024	----a-w-	C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20	184320	----a-w-	C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20	1472512	----a-w-	C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20	139776	----a-w-	C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33	663552	----a-w-	C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10	175104	----a-w-	C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31	140288	----a-w-	C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31	1166848	----a-w-	C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31	103936	----a-w-	C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53	1910208	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2010-07-21 22:35:56	703352	----a-w-	C:\Program Files (x86)\autoruns.exe
.
============= FINISH: 22:38:59,15 ===============
         
--- --- ---


3. Attach.txt

Code:
ATTFilter
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 23.08.2010 19:02:43
System Uptime: 01.10.2013 21:37:34 (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 306C
Processor: Intel(R) Core(TM)2 Duo CPU     T6600  @ 2.20GHz | CPU | 1188/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 125 GiB total, 51,636 GiB free.
D: is FIXED (NTFS) - 88 GiB total, 78,121 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 20 GiB total, 6,969 GiB free.
G: is FIXED (NTFS) - 37 GiB total, 11,365 GiB free.
H: is FIXED (NTFS) - 15 GiB total, 7,923 GiB free.
X: is FIXED (NTFS) - 13 GiB total, 2,129 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP599: 11.09.2013 20:09:23 - Windows Update
RP600: 11.09.2013 22:19:55 - Windows Update
RP601: 12.09.2013 22:17:50 - Windows Update
RP602: 13.09.2013 20:32:20 - Windows Update
RP603: 14.09.2013 10:15:55 - Windows Update
RP604: 18.09.2013 18:49:07 - Windows Update
RP605: 24.09.2013 18:11:08 - Windows Update
RP606: 01.10.2013 19:01:51 - Windows Update
RP607: 01.10.2013 19:29:11 - Installed Java 7 Update 40 (64-bit)
RP608: 01.10.2013 20:15:35 - Revo Uninstaller's restore point - ffdshow v1.2.4422 [2012-04-09]
RP609: 01.10.2013 20:18:23 - Revo Uninstaller's restore point - Ask Toolbar
RP610: 01.10.2013 20:20:19 - Revo Uninstaller's restore point - Iminent
RP611: 01.10.2013 20:31:04 - Revo Uninstaller's restore point - Plus-HD-2.2
.
==== Installed Programs ======================
.
7-Zip 9.30 (x64 edition)
AAVUpdateManager
ACDSee 8
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player
Adobe Shockwave Player 11.6
Adobe Shockwave Player 12.0
Adress Little 2.0
Any Video Converter 3.0.7
Apple Application Support
Apple Software Update
AquaSoft SnapTip
Artweaver Free 3.0
Ashampoo Burning Studio 2013 v.11.0.5
aTube Catcher
Audacity 2.0.3
avast! Free Antivirus
Backup Service Home 3.4.4.1
Biet-O-Matic v2.14.6
Bing Bar
Brother MFL-Pro Suite MFC-7840W
Camtasia Studio 7
CanoScan Toolbox Ver4.9
CCleaner
CDBurnerXP
Cisco Systems VPN Client 5.0.07.0290
Classic Menu 3.x for Office 2007
Clipdiary 1.4
Clover 3.0
Compatibility Pack für 2007 Office System
CPUID CPU-Z 1.58
CyberLink PowerDVD 9
CyberLink YouCam
Debugging Tools for Windows
Debugging Tools for Windows (x64)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler
DivX-Setup
DivX Author 1.5
ERUNT 1.1j
EVEREST Corporate Edition v5.02
Exifer
FileZilla Client 3.7.3
FormatFactory 2.60
Fotosizer 1.37
Foxit Reader
Free CD Ripper V2.0
Free FLV Converter V 6.92.0
Free Video to JPG Converter version 5.0.21.1212
Free Word/Doc Txt to Image Jpg/Jpeg Bmp Tiff Png Converter 5.6
Free YouTube Download version 3.0.18.1123
Free YouTube to MP3 Converter version 3.8
FreePDF (Remove only)
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
GIMP 2.8.4
Glary Registry Repair 3.3.0.852
Google Chrome
Google Earth Plug-in
GPL Ghostscript 8.71
HDvid Codec V1
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Customer Experience Enhancements
HP Wireless Assistant
IDT Audio
ImgBurn
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi-Software
IrfanView (remove only)
Java 7 Update 25
Java 7 Update 40 (64-bit)
Java Auto Updater
Junk Mail filter update
KaloMa 4.72
KeePass Password Safe 2.22
LAME v3.99.3 (for Windows)
Logitech Webcam Software
Logitech Webcam Software-Treiberpaket
Malwarebytes Anti-Malware Version 1.75.0.1300
Manual CanoScan LiDE 35
maxdome Download Manager 4.1.300.78
MediaCoder x64 0.7.3.4685
MediaCoder x64 0.8.17
Mein Gutscheincode Finder 1.0.0.0
Meine Ausnahmen
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft Application Compatibility Toolkit 5.6
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared 64-bit MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Compact 3.5 SP1 x64 English
Microsoft Sync Framework 2.0 Core Components (x64) ENU 
Microsoft Sync Framework 2.0 Core Components (x86) ENU 
Microsoft Sync Framework 2.0 Provider Services (x64) ENU 
Microsoft Sync Framework 2.0 Provider Services (x86) ENU 
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 24.0 (x86 de)
Mozilla Maintenance Service
Mp3tag v2.55a
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MWSnap 3
No23 Recorder
Notepad++
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 270.61
NVIDIA Grafiktreiber 270.61
NVIDIA HD-Audiotreiber 1.2.22.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.10.0514
NVIDIA Systemsteuerung 270.61
NVIDIA Update 1.1.34
NVIDIA Update Components
O&O SafeErase
Paragon Backup & Recovery™ 2012 Free
PC Connectivity Solution
PDFCreator
Personal Backup 5.4
PhotoFiltre 7
Power2Go
PowerDirector
Prism Videodatei-Konverter
PureSync
PureSync 3.7.6
PVSonyDll
QuickConvert Video
QuickTime
Radmin Server 3.1
Radmin Viewer 3.4
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
REAPER (x64)
Recovery Manager
Recuva
RedMon - Redirection Port Monitor
Revo Uninstaller 1.92
Samsung AllShare
Scribus 1.4.1
Secunia PSI (2.0.0.3001)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2760597) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760769) 32-Bit Edition
Serif PagePlus 11
Serif PagePlus 11 - Installer
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
SIW version 2011.10.29
Skype™ 5.10
SlimDrivers
SopCast 3.5.0
SpeedCommander 13 (x64)
Spybot - Search & Destroy
Steuer-Spar-Erklärung 2012
Steuer-Spar-Erklärung 2013
SuperMailer 5.71
swMSM
Synaptics Pointing Device Driver
System Explorer 3.9.0
System Requirements Lab for Intel
tango solo
TeraCopy 2.27
Ulead PhotoImpact 12
UltraSearch V1.7.1
Uninstall 1.0.0.1
Unlocker 1.9.0-x64
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053
VideoPad Video Editor
Visual C++ 9.0 CRT (x86) WinSXS MSM
VLC media player 2.1.0
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
Windows 7 Upgrade Advisor
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Writer
Windows Media Player Firefox Plugin
Winmail Opener 1.4
WinMend Folder Hidden 1.4.1
Wise Registry Cleaner Free 5.72
WOW Slider
XAMPP 1.7.7
Xenu's Link Sleuth
Yahoo! Messenger
YAMAHA Musicsoft Downloader 5
.
==== End Of File ===========================
         
Hoffe das war OK so.

Wenn ich nun einen neuen TAB öffne, erscheint immer noch die o.g. Seite... allerdings nicht mehr mit den kompletten Inhalten.

Was muss ich nun tun?

Danke und schöne Grüße,
imebro

Alt 02.10.2013, 18:40   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab - Standard

Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab



hi,

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________

__________________

Alt 02.10.2013, 21:40   #3
imebro
 
Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab - Standard

Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab



Hallo und danke für Deine Hilfe.

Hier schon mal das erste LOG von Malwarebytes:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.01.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Ingo :: INGOS-LAPTOP [Administrator]

02.10.2013 20:14:58
mbam-log-2013-10-02 (20-14-58).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 276443
Laufzeit: 8 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Google\Chrome\Extensions\dnllcmllkjofnojidnaknldfehfhehoo (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: 233476790368182545563276623017112349037 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0 (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 14
C:\Windows\Installer\4ca3a5.msi (PUP.Optional.Iminent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\appCntrl.js (PUP.Optional.Iminent.A) -> Löschen bei Neustart.
C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\bg.html (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\bg.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\CrmAdpt.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\ct.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\CTB.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\dpk.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\hprtkMsg.htm (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\hprtkMsg.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\json2.min.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\logo.png (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\manifest.json (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\pref.json (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Hier der JRT-Code:

JRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Home Premium x64
Ran by Ingo on 02.10.2013 at 21:36:30,68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{438C9553-B864-4C13-B737-F09D7BCD6F05}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{525A2FD5-8D69-439B-A5EB-CE645A2BA753}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59EF587E-2401-4364-A826-473F98A0EA1F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB1653C3-F899-43FB-9D39-3B88CB26FF50}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311301136}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311301136}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealio_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealio_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealio_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealio_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311301136}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BBE81E03-745C-4281-ACAD-C00843D294FC}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Ingo\AppData\Roaming\dvdvideosoftiehelpers"



~~~ FireFox

Successfully deleted: [File] C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\hdvc3@hdvidcodec.com.xpi
Successfully deleted the following from C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\prefs.js

user_pref("browser.newtab.url", "hxxp://start.iminent.com/?ref=NewTab&appId=D7423D57-9F3A-4336-9F6B-4E2354318E2E");
user_pref("extensions.customizegoogle.cookies.SafeSearch", "empty");
user_pref("extensions.customizegoogle.cookies.enableSafeSearch", false);
user_pref("extensions.ffxtlbr@iminent.com.install-event-fired", true);
user_pref("extensions.iminent.admin", false);
user_pref("extensions.iminent.aflt", "orgnl");
user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
user_pref("extensions.iminent.autoRvrt", "false");
user_pref("extensions.iminent.dfltLng", "");
user_pref("extensions.iminent.excTlbr", false);
user_pref("extensions.iminent.ffxUnstlRst", false);
user_pref("extensions.iminent.id", "2486214f0000000000000026c717d371");
user_pref("extensions.iminent.instlDay", "15979");
user_pref("extensions.iminent.instlRef", "");
user_pref("extensions.iminent.newTab", false);
user_pref("extensions.iminent.prdct", "iminent");
user_pref("extensions.iminent.prtnrId", "iminent");
user_pref("extensions.iminent.rvrt", "false");
user_pref("extensions.iminent.smplGrp", "none");
user_pref("extensions.iminent.tlbrId", "base");
user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
user_pref("extensions.iminent.vrsn", "1.8.25.0");
user_pref("extensions.iminent.vrsnTs", "1.8.25.020:12:06");
user_pref("extensions.iminent.vrsni", "1.8.25.0");
user_pref("extensions.webbooster@iminent.com.install-event-fired", true);
user_pref("foxlingo.excite", false);
user_pref("foxlingo.ixquickdefaultlang", "deutsch");
user_pref("iminent.LayoutId", "1");
user_pref("iminent.ShowThankyouPixel", "0");
user_pref("iminent.registerToolbarEvent109", "1380651194369");
user_pref("iminent.registerToolbarEvent111", "1380651194453");
user_pref("iminent.registerToolbarEvent112", "1380651224278");
user_pref("iminent.registerToolbarEvent122", "1380651194466");
user_pref("iminent.version", "7.36.1.1");
user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.36.1.1\",\"InstallEventCTime\":1380651141833,\"InstallEvent\":\"True\"}");
user_pref("tweaktube.pref.cacheInfo", "({'hxxp://wedata.net/databases/AutoPagerize/items.json':{url:\"hxxp://wedata.net/databases/AutoPagerize/items.json\", expire:(new Date(1
Emptied folder: C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\minidumps [143 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.10.2013 at 21:49:11,91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---

Und hier das FRST-LOG:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Ingo (administrator) on INGOS-LAPTOP on 02-10-2013 22:51:22
Running from C:\Users\Ingo\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\PROGRAM FILES\IDT\WDM\STACSV64.EXE
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files (x86)\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Andrea Electronics Corporation) C:\PROGRAM FILES\IDT\WDM\AESTSR64.EXE
(Alexander Seeliger Software) C:\Program Files (x86)\Backup Service Home 3\BSHService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Uwe A. Ruttkamp) F:\DHCP-Server\dhcpsrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel(R) Corporation) C:\PROGRAM FILES\INTEL\WIFI\BIN\EVTENG.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(JAM Software) d:\Programme\UltraSearch\UltraSearch.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NlsSrv32.exe
(Entriq, Inc.) D:\programme\maxdome\DCBin\DCService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
() D:\Programme\Clipdiary\ClipDiary.exe
(Mirek Wojtowicz) C:\Program Files (x86)\MWSnap\MWSnap.exe
(Intel(R) Corporation) C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\REGSRVC.EXE
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() D:\Programme\Desksave\DeskSave.exe
(Secunia) D:\Programme\Secunia\PSI\PSIA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Jumping Bytes) C:\Program Files (x86)\PureSync\PureSyncTray.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Mister Group) D:\Programme\System Explorer\SystemExplorer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Secunia) D:\Programme\Secunia\PSI\psi_tray.exe
(AVAST Software) C:\Program Files (x86)\Avast5\AvastUI.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Mister Group) D:\Programme\System Explorer\service\SystemExplorerService64.exe
(Secunia) D:\Programme\Secunia\PSI\sua.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2000-01-01] (IDT, Inc.)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKCU\...\Run: [clipdiary] - D:\Programme\Clipdiary\clipdiary.exe [208896 2007-05-22] ()
HKCU\...\Run: [MWSnap] - C:\Program Files (x86)\MWSnap\MWSnap.exe [427008 2002-07-06] (Mirek Wojtowicz)
HKCU\...\Run: [DeskSave] - D:\Programme\Desksave\DeskSave.exe [82944 2008-07-26] ()
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKCU\...\Run: [PureSync] - C:\Program Files (x86)\PureSync\PureSyncTray.exe [907808 2013-04-29] (Jumping Bytes)
HKCU\...\Run: [SystemExplorerAutoStart] - D:\Programme\System Explorer\SystemExplorer.exe [2610648 2012-06-18] (Mister Group)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [AdressLittle] - D:\Programme\Adress Little 2.0\ageb.exe [65536 2009-03-13] (Joachim Stroemer)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avast] - C:\Program Files (x86)\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl)
HKU\Administrator\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\Administrator\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
HKU\Administrator\...\Run: [clipdiary] - D:\Programme\Clipdiary\clipdiary.exe [208896 2007-05-22] ()
HKU\Administrator\...\Run: [DriverMax] - [x]
HKU\Administrator\...\Run: [DriverMax_RESTART] - [x]
HKU\Administrator\...\Run: [PC Suite Tray] - "D:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
HKU\Administrator\...\Run: [phonostarTimer] - D:\Programme\phonostar-Player\phonostarTimer.exe
HKU\Administrator\...\Policies\system: [DisableLockWorkstation] 0
HKU\Administrator\...\Policies\system: [DisableChangePassword] 0
HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\Gast\...\Run: [PC Suite Tray] - "D:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
HKU\Gast\...\Run: [SpywareTerminatorUpdate] - "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
HKU\Gast\...\Run: [ICQ] - C:\Users\Gast\AppData\Roaming\ICQ\Application\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\Gast\...\Policies\system: [DisableLockWorkstation] 0
HKU\Gast\...\Policies\system: [DisableChangePassword] 0
Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
ShortcutTarget: Persbackup.lnk -> D:\Programme\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)
Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQNOT/4
SearchScopes: HKLM - DefaultScope {D4F58562-A3C4-48B7-AE7B-98467EA87900} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {D4F58562-A3C4-48B7-AE7B-98467EA87900} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKCU - {BA3E27DB-425D-4E00-AD57-83689D8ECADD} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Plus-HD-2.2 - {11111111-1111-1111-1111-110311301136} - C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho64.dll No File
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ExplorerWatcher Class - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - d:\Programme\Clover\TabHelper64.dll (EJIE Technology)
BHO-x32: No Name - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} -  No File
BHO-x32: No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -  No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} 
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52272 2009-11-07] (EasyBits Software Corp.)
ShellExecuteHooks-x32:  - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{27B2EBF4-4FE1-4E15-85D3-A92B7F9110BF}: [NameServer]192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - D:\Programme\VLC-Player\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.0-git-20120125-2155 - D:\Programme\VLC-Player\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - D:\Programme\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - D:\Programme\VLC-Player\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ingo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ingo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Deutsches Wörterbuch, erweitert für Österreich - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\de-AT@dictionaries.addons.mozilla.org
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\de-DE@dictionaries.addons.mozilla(2).org
FF Extension: Deutsches Wörterbuch - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: Fast Translation - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\fasttrans@kemot
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\fb_add_on@avm.de
FF Extension: FlashFirebug - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\flashfirebug@o-minds.com
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\ich@maltegoetz.de
FF Extension: Open Image In New Tab - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\imagetab@next.gen.nz
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\linkalert.conlan@addons.mozilla.com
FF Extension: New Tab Button on Tab Right - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{05BF52F6-A4F9-48B9-84ED-F8D83762E619}(2)
FF Extension: Garmin Communicator - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: Metal Lion - iCe - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{1AFC82C3-0154-4b09-878B-D68500EFBE76}(2)
FF Extension: PDF Download - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF Extension: Html Validator - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
FF Extension: Modern Modoki - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{4a428302-5267-4749-bb22-459b3236695f}(2)
FF Extension: Walnut for Firefox - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2)
FF Extension: ColorZilla - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF Extension: Modern Aluminum - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{835A3F80-DF39-11D9-A0B5-000D0B3AEB26}(2)
FF Extension: BugMeNot - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF Extension: DownloadHelper - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: DownloadHelper - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
FF Extension: Whitehart - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}(2)
FF Extension: Fox!Box - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
FF Extension: Print - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{f199da35-0a9a-4ce9-8f59-c68524deba93}
FF Extension: aeroimproved - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\aeroimproved@rsjtdrjgfuzkfg.com.xpi
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\Extensions.001
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\Extensions.rdf
FF Extension: firebug - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: firebug - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\firebug@tools.sitepoint.com.xpi
FF Extension: FirePHPExtension-Build - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\FirePHPExtension-Build@firephp.org.xpi
FF Extension: guiconfig - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\guiconfig@slosd.net.xpi
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\installed-extensions.txt
FF Extension: langpack-de - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\langpack-de@firefox.mozilla.org.xpi
FF Extension: newtaburl - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\newtaburl@sogame.cat.xpi
FF Extension: nosquint - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\nosquint@urandom.ca.xpi
FF Extension: sroussey - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\sroussey@illumination-for-developers.com.xpi
FF Extension: youtube2mp3 - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\youtube2mp3@mondayx.de.xpi
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}.xpi
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [PHPEditXdebugExtension@waterproof.fr] - C:\Program Files\PHPEdit\Tools\FirefoxExtension\unpacked
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files (x86)\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files (x86)\Avast5\WebRep\FF
FF HKCU\...\Firefox\Extensions: [finder@meingutscheincode.de] - C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox
FF HKCU\...\Firefox\Extensions: [PHPEditXdebugExtension@waterproof.fr] - C:\Program Files\PHPEdit\Tools\FirefoxExtension\unpacked

Chrome: 
=======
CHR Extension: (PHP Docs) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aofkhphjhkanpddmfmbckdlcajhnehlf\1.3_0
CHR Extension: (Web Developer) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.1_0
CHR Extension: (YouTube) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Firebug Lite for Google Chrome\u2122) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0
CHR Extension: (Adblock Plus (Beta)) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0
CHR Extension: (Google Search) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Session Buddy) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\2.1.3_0
CHR Extension: (FTP Free) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdgcfaoankkonoiichmblcfijkomfbn\2.5_0
CHR Extension: (avast! WebRep) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0
CHR Extension: (New Tab Redirect!) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.5_0
CHR Extension: (Mein Gutscheincode Finder) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo\1.0.2_0
CHR Extension: (Popup HTML Editor) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjpagcblmlakmpcihopmpfknakkimjdh\0.2_0
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0
CHR Extension: (Stylebot) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaejidbmkiecgbjeifoejpgmdaleoha\1.7.3.1_0
CHR Extension: (Gmail) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [jgfpelakfkbbkkdchaaaknckhoadkcbo] - C:\Program Files (x86)\Mein Gutscheincode Finder\Chrome\chrome-extension.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Ingo\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files (x86)\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 Backup Service Home-Dienst; C:\Program Files (x86)\Backup Service Home 3\BSHService.exe [17920 2012-02-15] (Alexander Seeliger Software)
R2 DHCPServer; F:\DHCP-Server\dhcpsrv.exe [106496 2011-12-17] (Uwe A. Ruttkamp)
S3 MyWiFiDHCPDNS; C:\PROGRAM FILES\INTEL\WIFI\BIN\PANDHCPDNS.EXE [340240 2011-05-02] ()
R2 Prosieben; D:\programme\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S3 RServer3; C:\Windows\SysWOW64\rserver30\RServer3.exe [1246536 2007-10-31] (Famatech International Corp.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Secunia PSI Agent; D:\Programme\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia)
R2 Secunia Update Agent; D:\Programme\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia)
R3 SystemExplorerHelpService; D:\Programme\System Explorer\service\SystemExplorerService64.exe [807896 2012-05-21] (Mister Group)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
S3 CrystalSysInfo; D:\Programme\MediaCoder\SysInfoX64.sys [18128 2007-09-25] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [658944 2011-12-12] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [19840 2011-12-12] (Hauppauge Computer Works, Inc.)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 mirrorv3; C:\Windows\System32\DRIVERS\rminiv3.sys [5632 2007-08-17] (Famatech International Corp.)
R1 raddrvv3; C:\Windows\SysWOW64\rserver30\raddrvv3.sys [68632 2007-10-31] (Famatech International Corp.)
S1 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15672 2011-09-08] ()
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
U5 UnlockerDriver5; D:\Programme\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-02 21:49 - 2013-10-02 21:49 - 00005555 _____ C:\Users\Ingo\Desktop\JRT.txt
2013-10-02 21:36 - 2013-10-02 21:36 - 00000000 ____D C:\Windows\ERUNT
2013-10-02 20:37 - 2013-10-02 20:37 - 00038159 _____ C:\Users\Ingo\Desktop\Addition.txt
2013-10-02 20:34 - 2013-10-02 20:34 - 00000000 ____D C:\FRST
2013-10-02 20:33 - 2013-10-02 20:23 - 01954124 _____ (Farbar) C:\Users\Ingo\Desktop\FRST64.exe
2013-10-02 08:38 - 2013-10-02 20:22 - 00000000 ____D C:\Users\Ingo\Desktop\Trojanerboard Hilfen
2013-10-01 22:39 - 2013-10-01 22:39 - 00014479 _____ C:\Users\Ingo\Desktop\attach.txt
2013-10-01 22:39 - 2013-10-01 22:38 - 00024500 _____ C:\Users\Ingo\Desktop\dds.txt
2013-10-01 21:53 - 2013-10-01 21:53 - 00700783 ____R (Swearware) C:\Users\Ingo\Desktop\dds+.exe
2013-10-01 21:50 - 2013-10-01 21:50 - 00448512 _____ (OldTimer Tools) C:\Users\Ingo\Desktop\TFC.exe
2013-10-01 21:14 - 2013-10-01 21:36 - 00000000 ____D C:\AdwCleaner
2013-10-01 21:11 - 2013-10-01 21:11 - 00003152 _____ C:\Windows\System32\Tasks\{A968F0EA-B486-4AA9-A39A-1C751C1F20EA}
2013-10-01 20:11 - 2013-10-01 20:21 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-10-01 19:30 - 2013-10-01 19:29 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-01 19:30 - 2013-10-01 19:29 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-01 19:30 - 2013-10-01 19:29 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-01 19:30 - 2013-10-01 19:29 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-01 19:29 - 2013-10-01 19:29 - 00000000 ____D C:\Program Files\Java
2013-10-01 19:15 - 2013-10-01 22:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-28 11:41 - 2013-09-28 11:41 - 00001274 _____ C:\Users\Ingo\Desktop\WebCam.lnk
2013-09-23 17:46 - 2013-10-02 20:28 - 00014488 _____ C:\Windows\PFRO.log
2013-09-23 17:46 - 2013-10-02 20:28 - 00000896 _____ C:\Windows\setupact.log
2013-09-23 17:46 - 2013-09-23 17:46 - 00000000 _____ C:\Windows\setuperr.log
2013-09-22 12:37 - 2013-10-02 20:36 - 01201159 _____ C:\Windows\WindowsUpdate.log
2013-09-11 22:37 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 22:37 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 22:37 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 22:37 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 22:37 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 22:37 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 22:37 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 22:37 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 22:37 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 22:37 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 22:37 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 22:36 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 22:36 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 20:29 - 2013-09-24 18:16 - 00000000 ____D C:\Users\Ingo\Desktop\Iris
2013-09-11 20:22 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 20:20 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 20:20 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 20:20 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 20:20 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 20:20 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 20:20 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 20:20 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 20:20 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 20:20 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 20:20 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 20:20 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 20:20 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 20:20 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 20:20 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 20:20 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 20:19 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 20:19 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 20:19 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 20:19 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 20:19 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 20:19 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 20:17 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 20:16 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 20:16 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 20:16 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 20:16 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-08 14:11 - 2013-09-08 14:11 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
2013-09-05 19:37 - 2013-09-05 19:48 - 00000000 ____D C:\Users\Ingo\Desktop\Ahnenforschung

==================== One Month Modified Files and Folders =======

2013-10-02 22:48 - 2010-08-31 21:05 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\clipdiary
2013-10-02 22:44 - 2012-02-02 09:56 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-02 22:37 - 2010-08-23 19:02 - 00000000 ____D C:\Users\Ingo
2013-10-02 22:32 - 2013-01-22 21:06 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3237284612-487690776-1710373329-1001UA.job
2013-10-02 22:02 - 2013-09-22 12:37 - 01201159 _____ C:\Windows\WindowsUpdate.log
2013-10-02 21:59 - 2012-03-31 22:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-02 21:49 - 2013-10-02 21:49 - 00005555 _____ C:\Users\Ingo\Desktop\JRT.txt
2013-10-02 21:36 - 2013-10-02 21:36 - 00000000 ____D C:\Windows\ERUNT
2013-10-02 20:38 - 2009-07-14 06:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-02 20:38 - 2009-07-14 06:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-02 20:37 - 2013-10-02 20:37 - 00038159 _____ C:\Users\Ingo\Desktop\Addition.txt
2013-10-02 20:34 - 2013-10-02 20:34 - 00000000 ____D C:\FRST
2013-10-02 20:29 - 2012-02-02 09:56 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-02 20:28 - 2013-09-23 17:46 - 00014488 _____ C:\Windows\PFRO.log
2013-10-02 20:28 - 2013-09-23 17:46 - 00000896 _____ C:\Windows\setupact.log
2013-10-02 20:28 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-02 20:23 - 2013-10-02 20:33 - 01954124 _____ (Farbar) C:\Users\Ingo\Desktop\FRST64.exe
2013-10-02 20:22 - 2013-10-02 08:38 - 00000000 ____D C:\Users\Ingo\Desktop\Trojanerboard Hilfen
2013-10-02 17:53 - 2012-07-04 20:05 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\KeePass
2013-10-02 17:52 - 2009-11-08 05:20 - 00700592 _____ C:\Windows\system32\perfh007.dat
2013-10-02 17:52 - 2009-11-08 05:20 - 00149356 _____ C:\Windows\system32\perfc007.dat
2013-10-02 17:52 - 2009-07-14 07:13 - 01622004 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-02 17:51 - 2012-09-14 18:21 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2013-10-02 17:15 - 2010-09-10 18:14 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CA70E5AD-9D55-49AB-9231-E8CBF2D6A45F}
2013-10-01 22:39 - 2013-10-01 22:39 - 00014479 _____ C:\Users\Ingo\Desktop\attach.txt
2013-10-01 22:38 - 2013-10-01 22:39 - 00024500 _____ C:\Users\Ingo\Desktop\dds.txt
2013-10-01 22:26 - 2013-10-01 19:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-01 21:53 - 2013-10-01 21:53 - 00700783 ____R (Swearware) C:\Users\Ingo\Desktop\dds+.exe
2013-10-01 21:50 - 2013-10-01 21:50 - 00448512 _____ (OldTimer Tools) C:\Users\Ingo\Desktop\TFC.exe
2013-10-01 21:41 - 2010-08-31 21:04 - 00000000 ___RD C:\Users\Ingo\Desktop\Wartung
2013-10-01 21:37 - 2012-04-23 20:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-01 21:36 - 2013-10-01 21:14 - 00000000 ____D C:\AdwCleaner
2013-10-01 21:34 - 2011-05-15 11:01 - 00000000 ____D C:\Program Files (x86)\NirSoft Utilities
2013-10-01 21:11 - 2013-10-01 21:11 - 00003152 _____ C:\Windows\System32\Tasks\{A968F0EA-B486-4AA9-A39A-1C751C1F20EA}
2013-10-01 20:21 - 2013-10-01 20:11 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-10-01 19:29 - 2013-10-01 19:30 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-01 19:29 - 2013-10-01 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-01 19:29 - 2013-10-01 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-01 19:29 - 2013-10-01 19:30 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-01 19:29 - 2013-10-01 19:29 - 00000000 ____D C:\Program Files\Java
2013-10-01 19:29 - 2013-01-22 23:25 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-10-01 19:29 - 2010-09-09 20:59 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-10-01 19:23 - 2009-11-07 22:02 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-10-01 19:17 - 2010-08-23 21:50 - 00000000 ____D C:\Users\Ingo\AppData\Local\Mozilla
2013-10-01 18:48 - 2012-07-25 10:39 - 00004166 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-10-01 18:46 - 2010-08-23 20:47 - 00000000 ____D C:\Program Files (x86)\Avast5
2013-10-01 18:45 - 2010-08-23 20:47 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-29 08:58 - 2010-10-11 20:41 - 00007680 _____ C:\Users\Ingo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-28 12:32 - 2013-01-22 21:06 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3237284612-487690776-1710373329-1001Core.job
2013-09-28 11:41 - 2013-09-28 11:41 - 00001274 _____ C:\Users\Ingo\Desktop\WebCam.lnk
2013-09-28 11:25 - 2013-03-05 21:35 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2013-09-24 18:16 - 2013-09-11 20:29 - 00000000 ____D C:\Users\Ingo\Desktop\Iris
2013-09-23 17:46 - 2013-09-23 17:46 - 00000000 _____ C:\Windows\setuperr.log
2013-09-22 12:37 - 2011-11-12 19:22 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-22 12:35 - 2009-09-07 03:57 - 00000000 ____D C:\Windows\Panther
2013-09-19 19:59 - 2012-03-31 22:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 19:59 - 2012-03-31 22:10 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 19:59 - 2011-05-21 12:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-15 10:48 - 2010-08-23 21:50 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Mozilla
2013-09-13 19:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 19:53 - 2010-08-23 20:32 - 00000000 ___RD C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 19:53 - 2010-08-23 20:32 - 00000000 ___RD C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 19:53 - 2010-08-23 19:02 - 00000000 ___RD C:\Users\Ingo\Dokumente
2013-09-12 19:38 - 2009-07-14 06:45 - 00569096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 22:36 - 2013-08-14 20:23 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 22:33 - 2010-08-23 21:06 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 22:33 - 2009-11-07 21:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-08 14:17 - 2011-05-03 12:00 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\vlc
2013-09-08 14:11 - 2013-09-08 14:11 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
2013-09-08 14:11 - 2012-03-15 20:41 - 00000694 _____ C:\Users\UpdatusUser\Desktop\PhotoFiltre 7.lnk
2013-09-08 14:11 - 2012-03-15 20:41 - 00000694 _____ C:\Users\Gast\Desktop\PhotoFiltre 7.lnk
2013-09-08 14:11 - 2012-03-15 20:41 - 00000694 _____ C:\Users\Administrator\Desktop\PhotoFiltre 7.lnk
2013-09-05 19:48 - 2013-09-05 19:37 - 00000000 ____D C:\Users\Ingo\Desktop\Ahnenforschung
2013-09-02 20:51 - 2012-06-27 20:25 - 00000000 ____D C:\Users\Ingo\Desktop\W E B

Files to move or delete:
====================
C:\ProgramData\kp_0loor.pad


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 19:53

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Danke und schöne Grüße,
imebro
__________________

Geändert von imebro (02.10.2013 um 21:56 Uhr)

Alt 03.10.2013, 07:54   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab - Standard

Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.10.2013, 11:54   #5
imebro
 
Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab - Standard

Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab



Hallo und danke für die weiteren Tipps.

Hier das ESET-Log:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a9cf64cbe576ec4690fa3856491e1b95
# engine=13131
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-03 10:50:14
# local_time=2013-10-03 12:50:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 54212 132427264 0 0
# scanned=259230
# found=0
# cleaned=0
# scan_time=8598
         
Und hier der LOG von SecurityCheck:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Secunia PSI (2.0.0.3001)   
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Wise Registry Cleaner Free 5.72 
 Java 7 Update 25  
 Adobe Flash Player 11.8.800.168  
 Mozilla Firefox (24.0) 
 Google Chrome 29.0.1547.76  
 Google Chrome 30.0.1599.66  
````````Process Check: objlist.exe by Laurent````````  
 Avast5 AvastSvc.exe   
 Avast5 AvastUI.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Und am Ende auch das FRST-LOG:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Ingo (administrator) on INGOS-LAPTOP on 03-10-2013 13:02:31
Running from C:\Users\Ingo\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\PROGRAM FILES\IDT\WDM\STACSV64.EXE
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files (x86)\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Andrea Electronics Corporation) C:\PROGRAM FILES\IDT\WDM\AESTSR64.EXE
(Alexander Seeliger Software) C:\Program Files (x86)\Backup Service Home 3\BSHService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Uwe A. Ruttkamp) F:\DHCP-Server\dhcpsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel(R) Corporation) C:\PROGRAM FILES\INTEL\WIFI\BIN\EVTENG.EXE
() D:\Programme\Clipdiary\ClipDiary.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NlsSrv32.exe
(Mirek Wojtowicz) C:\Program Files (x86)\MWSnap\MWSnap.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() D:\Programme\Desksave\DeskSave.exe
(JAM Software) d:\Programme\UltraSearch\UltraSearch.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Jumping Bytes) C:\Program Files (x86)\PureSync\PureSyncTray.exe
(Entriq, Inc.) D:\programme\maxdome\DCBin\DCService.exe
(Mister Group) D:\Programme\System Explorer\SystemExplorer.exe
(Secunia) D:\Programme\Secunia\PSI\psi_tray.exe
(Intel(R) Corporation) C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\REGSRVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(AVAST Software) C:\Program Files (x86)\Avast5\AvastUI.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Secunia) D:\Programme\Secunia\PSI\PSIA.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Mister Group) D:\Programme\System Explorer\service\SystemExplorerService64.exe
(Secunia) D:\Programme\Secunia\PSI\sua.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(EJIE Technology) D:\Programme\Clover\clover.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2000-01-01] (IDT, Inc.)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKCU\...\Run: [clipdiary] - D:\Programme\Clipdiary\clipdiary.exe [208896 2007-05-22] ()
HKCU\...\Run: [MWSnap] - C:\Program Files (x86)\MWSnap\MWSnap.exe [427008 2002-07-06] (Mirek Wojtowicz)
HKCU\...\Run: [DeskSave] - D:\Programme\Desksave\DeskSave.exe [82944 2008-07-26] ()
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKCU\...\Run: [PureSync] - C:\Program Files (x86)\PureSync\PureSyncTray.exe [907808 2013-04-29] (Jumping Bytes)
HKCU\...\Run: [SystemExplorerAutoStart] - D:\Programme\System Explorer\SystemExplorer.exe [2610648 2012-06-18] (Mister Group)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [AdressLittle] - D:\Programme\Adress Little 2.0\ageb.exe [65536 2009-03-13] (Joachim Stroemer)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avast] - C:\Program Files (x86)\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl)
HKU\Administrator\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\Administrator\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
HKU\Administrator\...\Run: [clipdiary] - D:\Programme\Clipdiary\clipdiary.exe [208896 2007-05-22] ()
HKU\Administrator\...\Run: [DriverMax] - [x]
HKU\Administrator\...\Run: [DriverMax_RESTART] - [x]
HKU\Administrator\...\Run: [PC Suite Tray] - "D:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
HKU\Administrator\...\Run: [phonostarTimer] - D:\Programme\phonostar-Player\phonostarTimer.exe
HKU\Administrator\...\Policies\system: [DisableLockWorkstation] 0
HKU\Administrator\...\Policies\system: [DisableChangePassword] 0
HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\Gast\...\Run: [PC Suite Tray] - "D:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
HKU\Gast\...\Run: [SpywareTerminatorUpdate] - "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
HKU\Gast\...\Run: [ICQ] - C:\Users\Gast\AppData\Roaming\ICQ\Application\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\Gast\...\Policies\system: [DisableLockWorkstation] 0
HKU\Gast\...\Policies\system: [DisableChangePassword] 0
Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
ShortcutTarget: Persbackup.lnk -> D:\Programme\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)
Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQNOT/4
SearchScopes: HKLM - DefaultScope {D4F58562-A3C4-48B7-AE7B-98467EA87900} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {D4F58562-A3C4-48B7-AE7B-98467EA87900} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKCU - {BA3E27DB-425D-4E00-AD57-83689D8ECADD} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Plus-HD-2.2 - {11111111-1111-1111-1111-110311301136} - C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho64.dll No File
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ExplorerWatcher Class - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - d:\Programme\Clover\TabHelper64.dll (EJIE Technology)
BHO-x32: No Name - {11111111-1111-1111-1111-110311301136} -  No File
BHO-x32: No Name - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} -  No File
BHO-x32: No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -  No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} 
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52272 2009-11-07] (EasyBits Software Corp.)
ShellExecuteHooks-x32:  - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{27B2EBF4-4FE1-4E15-85D3-A92B7F9110BF}: [NameServer]192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default
FF NewTab: hxxp://www.google.de
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - D:\Programme\VLC-Player\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.0-git-20120125-2155 - D:\Programme\VLC-Player\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - D:\Programme\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - D:\Programme\VLC-Player\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ingo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ingo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Deutsches Wörterbuch, erweitert für Österreich - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\de-AT@dictionaries.addons.mozilla.org
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\de-DE@dictionaries.addons.mozilla(2).org
FF Extension: Deutsches Wörterbuch - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: Fast Translation - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\fasttrans@kemot
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\fb_add_on@avm.de
FF Extension: FlashFirebug - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\flashfirebug@o-minds.com
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\ich@maltegoetz.de
FF Extension: Open Image In New Tab - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\imagetab@next.gen.nz
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\linkalert.conlan@addons.mozilla.com
FF Extension: New Tab Button on Tab Right - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{05BF52F6-A4F9-48B9-84ED-F8D83762E619}(2)
FF Extension: Garmin Communicator - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: Metal Lion - iCe - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{1AFC82C3-0154-4b09-878B-D68500EFBE76}(2)
FF Extension: PDF Download - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF Extension: Html Validator - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
FF Extension: Modern Modoki - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{4a428302-5267-4749-bb22-459b3236695f}(2)
FF Extension: Walnut for Firefox - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2)
FF Extension: ColorZilla - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF Extension: Modern Aluminum - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{835A3F80-DF39-11D9-A0B5-000D0B3AEB26}(2)
FF Extension: BugMeNot - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF Extension: DownloadHelper - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: DownloadHelper - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
FF Extension: Whitehart - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}(2)
FF Extension: Fox!Box - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
FF Extension: Print - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{f199da35-0a9a-4ce9-8f59-c68524deba93}
FF Extension: aeroimproved - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\aeroimproved@rsjtdrjgfuzkfg.com.xpi
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\Extensions.001
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\Extensions.rdf
FF Extension: firebug - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: firebug - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\firebug@tools.sitepoint.com.xpi
FF Extension: FirePHPExtension-Build - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\FirePHPExtension-Build@firephp.org.xpi
FF Extension: guiconfig - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\guiconfig@slosd.net.xpi
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\installed-extensions.txt
FF Extension: langpack-de - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\langpack-de@firefox.mozilla.org.xpi
FF Extension: newtaburl - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\newtaburl@sogame.cat.xpi
FF Extension: nosquint - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\nosquint@urandom.ca.xpi
FF Extension: sroussey - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\sroussey@illumination-for-developers.com.xpi
FF Extension: youtube2mp3 - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\youtube2mp3@mondayx.de.xpi
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}.xpi
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [PHPEditXdebugExtension@waterproof.fr] - C:\Program Files\PHPEdit\Tools\FirefoxExtension\unpacked
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files (x86)\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files (x86)\Avast5\WebRep\FF
FF HKCU\...\Firefox\Extensions: [finder@meingutscheincode.de] - C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox
FF HKCU\...\Firefox\Extensions: [PHPEditXdebugExtension@waterproof.fr] - C:\Program Files\PHPEdit\Tools\FirefoxExtension\unpacked

Chrome: 
=======
CHR Extension: (PHP Docs) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aofkhphjhkanpddmfmbckdlcajhnehlf\1.3_0
CHR Extension: (Web Developer) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.1_0
CHR Extension: (YouTube) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Firebug Lite for Google Chrome\u2122) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0
CHR Extension: (Adblock Plus (Beta)) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0
CHR Extension: (Google Search) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Session Buddy) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\2.1.3_0
CHR Extension: (FTP Free) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdgcfaoankkonoiichmblcfijkomfbn\2.5_0
CHR Extension: (avast! WebRep) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0
CHR Extension: (New Tab Redirect!) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.5_0
CHR Extension: (Mein Gutscheincode Finder) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo\1.0.2_0
CHR Extension: (Popup HTML Editor) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjpagcblmlakmpcihopmpfknakkimjdh\0.2_0
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0
CHR Extension: (Stylebot) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaejidbmkiecgbjeifoejpgmdaleoha\1.7.3.1_0
CHR Extension: (Gmail) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [jgfpelakfkbbkkdchaaaknckhoadkcbo] - C:\Program Files (x86)\Mein Gutscheincode Finder\Chrome\chrome-extension.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Ingo\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files (x86)\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 Backup Service Home-Dienst; C:\Program Files (x86)\Backup Service Home 3\BSHService.exe [17920 2012-02-15] (Alexander Seeliger Software)
R2 DHCPServer; F:\DHCP-Server\dhcpsrv.exe [106496 2011-12-17] (Uwe A. Ruttkamp)
S3 MyWiFiDHCPDNS; C:\PROGRAM FILES\INTEL\WIFI\BIN\PANDHCPDNS.EXE [340240 2011-05-02] ()
R2 Prosieben; D:\programme\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S3 RServer3; C:\Windows\SysWOW64\rserver30\RServer3.exe [1246536 2007-10-31] (Famatech International Corp.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Secunia PSI Agent; D:\Programme\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia)
R2 Secunia Update Agent; D:\Programme\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia)
R3 SystemExplorerHelpService; D:\Programme\System Explorer\service\SystemExplorerService64.exe [807896 2012-05-21] (Mister Group)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
S3 CrystalSysInfo; D:\Programme\MediaCoder\SysInfoX64.sys [18128 2007-09-25] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [658944 2011-12-12] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [19840 2011-12-12] (Hauppauge Computer Works, Inc.)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 mirrorv3; C:\Windows\System32\DRIVERS\rminiv3.sys [5632 2007-08-17] (Famatech International Corp.)
R1 raddrvv3; C:\Windows\SysWOW64\rserver30\raddrvv3.sys [68632 2007-10-31] (Famatech International Corp.)
S1 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15672 2011-09-08] ()
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
U5 UnlockerDriver5; D:\Programme\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-03 13:02 - 2013-10-02 20:23 - 01954124 _____ (Farbar) C:\Users\Ingo\Desktop\FRST64.exe
2013-10-02 21:36 - 2013-10-02 21:36 - 00000000 ____D C:\Windows\ERUNT
2013-10-02 20:34 - 2013-10-02 20:34 - 00000000 ____D C:\FRST
2013-10-02 08:38 - 2013-10-02 20:22 - 00000000 ____D C:\Users\Ingo\Desktop\Trojanerboard Hilfen
2013-10-01 21:14 - 2013-10-01 21:36 - 00000000 ____D C:\AdwCleaner
2013-10-01 21:11 - 2013-10-01 21:11 - 00003152 _____ C:\Windows\System32\Tasks\{A968F0EA-B486-4AA9-A39A-1C751C1F20EA}
2013-10-01 20:11 - 2013-10-01 20:21 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-10-01 19:30 - 2013-10-01 19:29 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-01 19:30 - 2013-10-01 19:29 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-01 19:30 - 2013-10-01 19:29 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-01 19:30 - 2013-10-01 19:29 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-01 19:29 - 2013-10-01 19:29 - 00000000 ____D C:\Program Files\Java
2013-10-01 19:15 - 2013-10-01 22:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-28 11:41 - 2013-09-28 11:41 - 00001274 _____ C:\Users\Ingo\Desktop\WebCam.lnk
2013-09-23 17:46 - 2013-10-03 09:25 - 00014782 _____ C:\Windows\PFRO.log
2013-09-23 17:46 - 2013-10-03 09:25 - 00000952 _____ C:\Windows\setupact.log
2013-09-23 17:46 - 2013-09-23 17:46 - 00000000 _____ C:\Windows\setuperr.log
2013-09-22 12:37 - 2013-10-03 12:46 - 01254042 _____ C:\Windows\WindowsUpdate.log
2013-09-11 22:37 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 22:37 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 22:37 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 22:37 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 22:37 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 22:37 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 22:37 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 22:37 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 22:37 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 22:37 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 22:37 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 22:36 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 22:36 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 20:29 - 2013-09-24 18:16 - 00000000 ____D C:\Users\Ingo\Desktop\Iris
2013-09-11 20:22 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 20:20 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 20:20 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 20:20 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 20:20 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 20:20 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 20:20 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 20:20 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 20:20 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 20:20 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 20:20 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 20:20 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 20:20 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 20:20 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 20:20 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 20:20 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 20:19 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 20:19 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 20:19 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 20:19 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 20:19 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 20:19 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 20:17 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 20:16 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 20:16 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 20:16 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 20:16 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-08 14:11 - 2013-09-08 14:11 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
2013-09-05 19:37 - 2013-09-05 19:48 - 00000000 ____D C:\Users\Ingo\Desktop\Ahnenforschung

==================== One Month Modified Files and Folders =======

2013-10-03 13:00 - 2010-08-31 21:05 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\clipdiary
2013-10-03 12:59 - 2012-03-31 22:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-03 12:51 - 2010-08-23 19:02 - 00000000 ____D C:\Users\Ingo
2013-10-03 12:46 - 2013-09-22 12:37 - 01254042 _____ C:\Windows\WindowsUpdate.log
2013-10-03 12:44 - 2012-02-02 09:56 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-03 12:44 - 2012-02-02 09:56 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-03 12:32 - 2013-01-22 21:06 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3237284612-487690776-1710373329-1001UA.job
2013-10-03 12:32 - 2013-01-22 21:06 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3237284612-487690776-1710373329-1001Core.job
2013-10-03 09:40 - 2009-07-14 06:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-03 09:40 - 2009-07-14 06:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-03 09:26 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-03 09:25 - 2013-09-23 17:46 - 00014782 _____ C:\Windows\PFRO.log
2013-10-03 09:25 - 2013-09-23 17:46 - 00000952 _____ C:\Windows\setupact.log
2013-10-02 21:36 - 2013-10-02 21:36 - 00000000 ____D C:\Windows\ERUNT
2013-10-02 20:34 - 2013-10-02 20:34 - 00000000 ____D C:\FRST
2013-10-02 20:23 - 2013-10-03 13:02 - 01954124 _____ (Farbar) C:\Users\Ingo\Desktop\FRST64.exe
2013-10-02 20:22 - 2013-10-02 08:38 - 00000000 ____D C:\Users\Ingo\Desktop\Trojanerboard Hilfen
2013-10-02 17:53 - 2012-07-04 20:05 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\KeePass
2013-10-02 17:52 - 2009-11-08 05:20 - 00700592 _____ C:\Windows\system32\perfh007.dat
2013-10-02 17:52 - 2009-11-08 05:20 - 00149356 _____ C:\Windows\system32\perfc007.dat
2013-10-02 17:52 - 2009-07-14 07:13 - 01622004 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-02 17:51 - 2012-09-14 18:21 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2013-10-02 17:15 - 2010-09-10 18:14 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CA70E5AD-9D55-49AB-9231-E8CBF2D6A45F}
2013-10-01 22:26 - 2013-10-01 19:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-01 21:41 - 2010-08-31 21:04 - 00000000 ___RD C:\Users\Ingo\Desktop\Wartung
2013-10-01 21:37 - 2012-04-23 20:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-01 21:36 - 2013-10-01 21:14 - 00000000 ____D C:\AdwCleaner
2013-10-01 21:34 - 2011-05-15 11:01 - 00000000 ____D C:\Program Files (x86)\NirSoft Utilities
2013-10-01 21:11 - 2013-10-01 21:11 - 00003152 _____ C:\Windows\System32\Tasks\{A968F0EA-B486-4AA9-A39A-1C751C1F20EA}
2013-10-01 20:21 - 2013-10-01 20:11 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-10-01 19:29 - 2013-10-01 19:30 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-01 19:29 - 2013-10-01 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-01 19:29 - 2013-10-01 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-01 19:29 - 2013-10-01 19:30 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-01 19:29 - 2013-10-01 19:29 - 00000000 ____D C:\Program Files\Java
2013-10-01 19:29 - 2013-01-22 23:25 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-10-01 19:29 - 2010-09-09 20:59 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-10-01 19:23 - 2009-11-07 22:02 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-10-01 19:17 - 2010-08-23 21:50 - 00000000 ____D C:\Users\Ingo\AppData\Local\Mozilla
2013-10-01 18:48 - 2012-07-25 10:39 - 00004166 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-10-01 18:46 - 2010-08-23 20:47 - 00000000 ____D C:\Program Files (x86)\Avast5
2013-10-01 18:45 - 2010-08-23 20:47 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-29 08:58 - 2010-10-11 20:41 - 00007680 _____ C:\Users\Ingo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-28 11:41 - 2013-09-28 11:41 - 00001274 _____ C:\Users\Ingo\Desktop\WebCam.lnk
2013-09-28 11:25 - 2013-03-05 21:35 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2013-09-24 18:16 - 2013-09-11 20:29 - 00000000 ____D C:\Users\Ingo\Desktop\Iris
2013-09-23 17:46 - 2013-09-23 17:46 - 00000000 _____ C:\Windows\setuperr.log
2013-09-22 12:37 - 2011-11-12 19:22 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-22 12:35 - 2009-09-07 03:57 - 00000000 ____D C:\Windows\Panther
2013-09-19 19:59 - 2012-03-31 22:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 19:59 - 2012-03-31 22:10 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 19:59 - 2011-05-21 12:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-15 10:48 - 2010-08-23 21:50 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Mozilla
2013-09-13 19:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 19:53 - 2010-08-23 20:32 - 00000000 ___RD C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 19:53 - 2010-08-23 20:32 - 00000000 ___RD C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 19:53 - 2010-08-23 19:02 - 00000000 ___RD C:\Users\Ingo\Dokumente
2013-09-12 19:38 - 2009-07-14 06:45 - 00569096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 22:36 - 2013-08-14 20:23 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 22:33 - 2010-08-23 21:06 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 22:33 - 2009-11-07 21:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-08 14:17 - 2011-05-03 12:00 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\vlc
2013-09-08 14:11 - 2013-09-08 14:11 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
2013-09-08 14:11 - 2012-03-15 20:41 - 00000694 _____ C:\Users\UpdatusUser\Desktop\PhotoFiltre 7.lnk
2013-09-08 14:11 - 2012-03-15 20:41 - 00000694 _____ C:\Users\Gast\Desktop\PhotoFiltre 7.lnk
2013-09-08 14:11 - 2012-03-15 20:41 - 00000694 _____ C:\Users\Administrator\Desktop\PhotoFiltre 7.lnk
2013-09-05 19:48 - 2013-09-05 19:37 - 00000000 ____D C:\Users\Ingo\Desktop\Ahnenforschung

Files to move or delete:
====================
C:\ProgramData\kp_0loor.pad


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 19:53

==================== End Of Log ============================
         
--- --- ---


Vielen Dank und schöne Grüße,
imebro


Geändert von imebro (03.10.2013 um 12:05 Uhr)

Alt 04.10.2013, 01:49   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab - Standard

Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled ()
C:\ProgramData\kp_0loor.pad
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Noch Probleme?
__________________
--> Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab

Alt 05.10.2013, 10:49   #7
imebro
 
Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab - Standard

Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab



Hallo und danke für den weiteren Tipp.

Hier die Fixlog.txt:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by Ingo at 2013-10-04 22:15:38 Run:1
Running from C:\Users\Ingo\Desktop\Wartung\Trojanerboard Hilfen
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled ()
C:\ProgramData\kp_0loor.pad
*****************

C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled => Moved successfully.
C:\ProgramData\kp_0loor.pad => Moved successfully.

==== End of Fixlog ====
         
Also im Firefox erscheint jetzt wieder die richtige Startseite... :-)

Danke & schöne Grüße,
imebro

Was ich heute Morgen festgestellt habe, als ich das Laptop gestartet hatte, war, dass sich ein Explorer-Fenster öffnete mit folgendem Pfad:

"C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled"

Ich nehme an, das hat mit der LOG-Datei "Fixlog.txt" zu tun, da dieser Pfad auch dort genannt war.

Passiert das jetzt bei jedem Start?

Achjaaaa... muss ich jetzt noch etwas unternehmen? Im Grunde läuft alles ja wieder.

Danke für Deine super Hilfe und schöne Grüße,
imebro

Alt 05.10.2013, 11:39   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab - Standard

Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab



Zeig mal bitte einen Screenshot von dem Fenster und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 05.10.2013, 16:33   #9
imebro
 
Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab - Standard

Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab



Hallo und danke.

Hier der Link zum Screenshot:
"hxxp://s7.directupload.net/file/d/3401/rqbkuodi_jpg.htm"

** keine Ahnung wie man hier einen Link einsetzt - funktioniert irgendwie nicht anders. Daher schreibe ich es nur einfach so rein (hxxp ersetzen durch http) **

Und hier das neue FRST-Log:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Ingo (administrator) on INGOS-LAPTOP on 05-10-2013 17:30:10
Running from C:\Users\Ingo\Desktop\Wartung\Trojanerboard Hilfen
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\PROGRAM FILES\IDT\WDM\STACSV64.EXE
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files (x86)\Avast5\AvastSvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Andrea Electronics Corporation) C:\PROGRAM FILES\IDT\WDM\AESTSR64.EXE
(Alexander Seeliger Software) C:\Program Files (x86)\Backup Service Home 3\BSHService.exe
(JAM Software) d:\Programme\UltraSearch\UltraSearch.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Uwe A. Ruttkamp) F:\DHCP-Server\dhcpsrv.exe
(Intel(R) Corporation) C:\PROGRAM FILES\INTEL\WIFI\BIN\EVTENG.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NlsSrv32.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Entriq, Inc.) D:\programme\maxdome\DCBin\DCService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel(R) Corporation) C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\REGSRVC.EXE
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
() D:\Programme\Clipdiary\ClipDiary.exe
(Mirek Wojtowicz) C:\Program Files (x86)\MWSnap\MWSnap.exe
(Secunia) D:\Programme\Secunia\PSI\PSIA.exe
() D:\Programme\Desksave\DeskSave.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Jumping Bytes) C:\Program Files (x86)\PureSync\PureSyncTray.exe
(Mister Group) D:\Programme\System Explorer\SystemExplorer.exe
(Secunia) D:\Programme\Secunia\PSI\psi_tray.exe
(Mister Group) D:\Programme\System Explorer\service\SystemExplorerService64.exe
(Secunia) D:\Programme\Secunia\PSI\sua.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(AVAST Software) C:\Program Files (x86)\Avast5\AvastUI.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(EJIE Technology) D:\Programme\Clover\clover.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2000-01-01] (IDT, Inc.)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKCU\...\Run: [clipdiary] - D:\Programme\Clipdiary\clipdiary.exe [208896 2007-05-22] ()
HKCU\...\Run: [MWSnap] - C:\Program Files (x86)\MWSnap\MWSnap.exe [427008 2002-07-06] (Mirek Wojtowicz)
HKCU\...\Run: [DeskSave] - D:\Programme\Desksave\DeskSave.exe [82944 2008-07-26] ()
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKCU\...\Run: [PureSync] - C:\Program Files (x86)\PureSync\PureSyncTray.exe [907808 2013-04-29] (Jumping Bytes)
HKCU\...\Run: [SystemExplorerAutoStart] - D:\Programme\System Explorer\SystemExplorer.exe [2610648 2012-06-18] (Mister Group)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [AdressLittle] - D:\Programme\Adress Little 2.0\ageb.exe [65536 2009-03-13] (Joachim Stroemer)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avast] - C:\Program Files (x86)\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl)
HKU\Administrator\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\Administrator\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
HKU\Administrator\...\Run: [clipdiary] - D:\Programme\Clipdiary\clipdiary.exe [208896 2007-05-22] ()
HKU\Administrator\...\Run: [DriverMax] - [x]
HKU\Administrator\...\Run: [DriverMax_RESTART] - [x]
HKU\Administrator\...\Run: [PC Suite Tray] - "D:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
HKU\Administrator\...\Run: [phonostarTimer] - D:\Programme\phonostar-Player\phonostarTimer.exe
HKU\Administrator\...\Policies\system: [DisableLockWorkstation] 0
HKU\Administrator\...\Policies\system: [DisableChangePassword] 0
HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\Gast\...\Run: [PC Suite Tray] - "D:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
HKU\Gast\...\Run: [SpywareTerminatorUpdate] - "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
HKU\Gast\...\Run: [ICQ] - C:\Users\Gast\AppData\Roaming\ICQ\Application\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\Gast\...\Policies\system: [DisableLockWorkstation] 0
HKU\Gast\...\Policies\system: [DisableChangePassword] 0
Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
ShortcutTarget: Persbackup.lnk -> D:\Programme\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)
Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQNOT/4
SearchScopes: HKLM - DefaultScope {D4F58562-A3C4-48B7-AE7B-98467EA87900} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {D4F58562-A3C4-48B7-AE7B-98467EA87900} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKCU - {BA3E27DB-425D-4E00-AD57-83689D8ECADD} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: No Name - {11111111-1111-1111-1111-110311301136} -  No File
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ExplorerWatcher Class - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - d:\Programme\Clover\TabHelper64.dll (EJIE Technology)
BHO-x32: No Name - {11111111-1111-1111-1111-110311301136} -  No File
BHO-x32: No Name - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} -  No File
BHO-x32: No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -  No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} 
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52272 2009-11-07] (EasyBits Software Corp.)
ShellExecuteHooks-x32:  - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{27B2EBF4-4FE1-4E15-85D3-A92B7F9110BF}: [NameServer]192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default
FF NewTab: hxxp://www.google.de
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - D:\Programme\VLC-Player\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.0-git-20120125-2155 - D:\Programme\VLC-Player\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - D:\Programme\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - D:\Programme\VLC-Player\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ingo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ingo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Deutsches Wörterbuch, erweitert für Österreich - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\de-AT@dictionaries.addons.mozilla.org
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\de-DE@dictionaries.addons.mozilla(2).org
FF Extension: Deutsches Wörterbuch - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: Fast Translation - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\fasttrans@kemot
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\fb_add_on@avm.de
FF Extension: FlashFirebug - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\flashfirebug@o-minds.com
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\ich@maltegoetz.de
FF Extension: Open Image In New Tab - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\imagetab@next.gen.nz
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\linkalert.conlan@addons.mozilla.com
FF Extension: New Tab Button on Tab Right - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{05BF52F6-A4F9-48B9-84ED-F8D83762E619}(2)
FF Extension: Garmin Communicator - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: Metal Lion - iCe - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{1AFC82C3-0154-4b09-878B-D68500EFBE76}(2)
FF Extension: Html Validator - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
FF Extension: Modern Modoki - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{4a428302-5267-4749-bb22-459b3236695f}(2)
FF Extension: Walnut for Firefox - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2)
FF Extension: ColorZilla - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF Extension: Modern Aluminum - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{835A3F80-DF39-11D9-A0B5-000D0B3AEB26}(2)
FF Extension: BugMeNot - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF Extension: DownloadHelper - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: DownloadHelper - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
FF Extension: Whitehart - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}(2)
FF Extension: Fox!Box - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
FF Extension: Print - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{f199da35-0a9a-4ce9-8f59-c68524deba93}
FF Extension: aeroimproved - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\aeroimproved@rsjtdrjgfuzkfg.com.xpi
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\Extensions.001
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\Extensions.rdf
FF Extension: firebug - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: firebug - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\firebug@tools.sitepoint.com.xpi
FF Extension: FirePHPExtension-Build - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\FirePHPExtension-Build@firephp.org.xpi
FF Extension: guiconfig - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\guiconfig@slosd.net.xpi
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\installed-extensions.txt
FF Extension: langpack-de - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\langpack-de@firefox.mozilla.org.xpi
FF Extension: newtaburl - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\newtaburl@sogame.cat.xpi
FF Extension: nosquint - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\nosquint@urandom.ca.xpi
FF Extension: sroussey - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\sroussey@illumination-for-developers.com.xpi
FF Extension: youtube2mp3 - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\youtube2mp3@mondayx.de.xpi
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}.xpi
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi
FF Extension: No Name - C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n64mq0a4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [PHPEditXdebugExtension@waterproof.fr] - C:\Program Files\PHPEdit\Tools\FirefoxExtension\unpacked
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files (x86)\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files (x86)\Avast5\WebRep\FF
FF HKCU\...\Firefox\Extensions: [finder@meingutscheincode.de] - C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox
FF HKCU\...\Firefox\Extensions: [PHPEditXdebugExtension@waterproof.fr] - C:\Program Files\PHPEdit\Tools\FirefoxExtension\unpacked

Chrome: 
=======
CHR Extension: (PHP Docs) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aofkhphjhkanpddmfmbckdlcajhnehlf\1.3_0
CHR Extension: (Web Developer) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.1_0
CHR Extension: (YouTube) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Firebug Lite for Google Chrome\u2122) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0
CHR Extension: (Adblock Plus (Beta)) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0
CHR Extension: (Google Search) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Session Buddy) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\2.1.3_0
CHR Extension: (avast! WebRep) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0
CHR Extension: (New Tab Redirect!) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.5_0
CHR Extension: (Mein Gutscheincode Finder) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo\1.0.2_0
CHR Extension: (Popup HTML Editor) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjpagcblmlakmpcihopmpfknakkimjdh\0.2_0
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0
CHR Extension: (Stylebot) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaejidbmkiecgbjeifoejpgmdaleoha\1.7.3.1_0
CHR Extension: (Gmail) - C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [jgfpelakfkbbkkdchaaaknckhoadkcbo] - C:\Program Files (x86)\Mein Gutscheincode Finder\Chrome\chrome-extension.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Ingo\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files (x86)\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 Backup Service Home-Dienst; C:\Program Files (x86)\Backup Service Home 3\BSHService.exe [17920 2012-02-15] (Alexander Seeliger Software)
R2 DHCPServer; F:\DHCP-Server\dhcpsrv.exe [106496 2011-12-17] (Uwe A. Ruttkamp)
S3 MyWiFiDHCPDNS; C:\PROGRAM FILES\INTEL\WIFI\BIN\PANDHCPDNS.EXE [340240 2011-05-02] ()
R2 Prosieben; D:\programme\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S3 RServer3; C:\Windows\SysWOW64\rserver30\RServer3.exe [1246536 2007-10-31] (Famatech International Corp.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Secunia PSI Agent; D:\Programme\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia)
R2 Secunia Update Agent; D:\Programme\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia)
R3 SystemExplorerHelpService; D:\Programme\System Explorer\service\SystemExplorerService64.exe [807896 2012-05-21] (Mister Group)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
S3 CrystalSysInfo; D:\Programme\MediaCoder\SysInfoX64.sys [18128 2007-09-25] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [658944 2011-12-12] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [19840 2011-12-12] (Hauppauge Computer Works, Inc.)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 mirrorv3; C:\Windows\System32\DRIVERS\rminiv3.sys [5632 2007-08-17] (Famatech International Corp.)
R1 raddrvv3; C:\Windows\SysWOW64\rserver30\raddrvv3.sys [68632 2007-10-31] (Famatech International Corp.)
S1 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15672 2011-09-08] ()
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
U5 UnlockerDriver5; D:\Programme\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-05 10:01 - 2013-10-05 16:15 - 00000112 _____ C:\Windows\setupact.log
2013-10-05 10:01 - 2013-10-05 10:01 - 00000000 _____ C:\Windows\setuperr.log
2013-10-05 09:59 - 2013-10-05 16:15 - 00000592 _____ C:\Windows\PFRO.log
2013-10-02 21:36 - 2013-10-02 21:36 - 00000000 ____D C:\Windows\ERUNT
2013-10-02 20:34 - 2013-10-02 20:34 - 00000000 ____D C:\FRST
2013-10-01 21:14 - 2013-10-01 21:36 - 00000000 ____D C:\AdwCleaner
2013-10-01 21:11 - 2013-10-01 21:11 - 00003152 _____ C:\Windows\System32\Tasks\{A968F0EA-B486-4AA9-A39A-1C751C1F20EA}
2013-10-01 20:11 - 2013-10-01 20:21 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-10-01 19:30 - 2013-10-01 19:29 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-01 19:30 - 2013-10-01 19:29 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-01 19:30 - 2013-10-01 19:29 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-01 19:30 - 2013-10-01 19:29 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-01 19:29 - 2013-10-01 19:29 - 00000000 ____D C:\Program Files\Java
2013-10-01 19:15 - 2013-10-01 22:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-28 11:41 - 2013-09-28 11:41 - 00001274 _____ C:\Users\Ingo\Desktop\WebCam.lnk
2013-09-22 12:37 - 2013-10-05 16:22 - 01479143 _____ C:\Windows\WindowsUpdate.log
2013-09-11 22:37 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 22:37 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 22:37 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 22:37 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 22:37 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 22:37 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 22:37 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 22:37 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 22:37 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 22:37 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 22:37 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 22:37 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 22:37 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 22:36 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 22:36 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 20:29 - 2013-09-24 18:16 - 00000000 ____D C:\Users\Ingo\Desktop\Iris
2013-09-11 20:22 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 20:20 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 20:20 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 20:20 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 20:20 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 20:20 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 20:20 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 20:20 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 20:20 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 20:20 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 20:20 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 20:20 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 20:20 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 20:20 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 20:20 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 20:20 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 20:19 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 20:19 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 20:19 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 20:19 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 20:19 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 20:19 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 20:19 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 20:17 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 20:16 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 20:16 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 20:16 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 20:16 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-08 14:11 - 2013-09-08 14:11 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
2013-09-05 19:37 - 2013-09-05 19:48 - 00000000 ____D C:\Users\Ingo\Desktop\Ahnenforschung

==================== One Month Modified Files and Folders =======

2013-10-05 17:28 - 2010-08-31 21:05 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\clipdiary
2013-10-05 17:06 - 2010-08-23 19:02 - 00000000 ____D C:\Users\Ingo
2013-10-05 16:59 - 2012-03-31 22:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-05 16:44 - 2012-02-02 09:56 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-05 16:36 - 2013-01-22 21:06 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3237284612-487690776-1710373329-1001UA.job
2013-10-05 16:24 - 2009-07-14 06:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-05 16:24 - 2009-07-14 06:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-05 16:22 - 2013-09-22 12:37 - 01479143 _____ C:\Windows\WindowsUpdate.log
2013-10-05 16:21 - 2009-11-08 05:20 - 00700592 _____ C:\Windows\system32\perfh007.dat
2013-10-05 16:21 - 2009-11-08 05:20 - 00149356 _____ C:\Windows\system32\perfc007.dat
2013-10-05 16:21 - 2009-07-14 07:13 - 01622004 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-05 16:17 - 2012-07-25 10:39 - 00004166 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-10-05 16:15 - 2013-10-05 10:01 - 00000112 _____ C:\Windows\setupact.log
2013-10-05 16:15 - 2013-10-05 09:59 - 00000592 _____ C:\Windows\PFRO.log
2013-10-05 16:15 - 2012-02-02 09:56 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-05 16:15 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-05 12:51 - 2010-08-31 21:14 - 00000000 ____D C:\Users\Ingo\Desktop\Tools
2013-10-05 12:32 - 2013-01-22 21:06 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3237284612-487690776-1710373329-1001Core.job
2013-10-05 10:14 - 2010-09-10 18:14 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CA70E5AD-9D55-49AB-9231-E8CBF2D6A45F}
2013-10-05 10:01 - 2013-10-05 10:01 - 00000000 _____ C:\Windows\setuperr.log
2013-10-04 22:42 - 2011-11-12 19:22 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-03 17:40 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-03 13:38 - 2010-08-31 21:04 - 00000000 ___RD C:\Users\Ingo\Desktop\Wartung
2013-10-02 21:36 - 2013-10-02 21:36 - 00000000 ____D C:\Windows\ERUNT
2013-10-02 20:34 - 2013-10-02 20:34 - 00000000 ____D C:\FRST
2013-10-02 17:53 - 2012-07-04 20:05 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\KeePass
2013-10-02 17:51 - 2012-09-14 18:21 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2013-10-01 22:26 - 2013-10-01 19:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-01 21:37 - 2012-04-23 20:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-01 21:36 - 2013-10-01 21:14 - 00000000 ____D C:\AdwCleaner
2013-10-01 21:34 - 2011-05-15 11:01 - 00000000 ____D C:\Program Files (x86)\NirSoft Utilities
2013-10-01 21:11 - 2013-10-01 21:11 - 00003152 _____ C:\Windows\System32\Tasks\{A968F0EA-B486-4AA9-A39A-1C751C1F20EA}
2013-10-01 20:21 - 2013-10-01 20:11 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-10-01 19:29 - 2013-10-01 19:30 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-01 19:29 - 2013-10-01 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-01 19:29 - 2013-10-01 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-01 19:29 - 2013-10-01 19:30 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-01 19:29 - 2013-10-01 19:29 - 00000000 ____D C:\Program Files\Java
2013-10-01 19:29 - 2013-01-22 23:25 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-10-01 19:29 - 2010-09-09 20:59 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-10-01 19:23 - 2009-11-07 22:02 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-10-01 19:17 - 2010-08-23 21:50 - 00000000 ____D C:\Users\Ingo\AppData\Local\Mozilla
2013-10-01 18:46 - 2010-08-23 20:47 - 00000000 ____D C:\Program Files (x86)\Avast5
2013-10-01 18:45 - 2010-08-23 20:47 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-29 08:58 - 2010-10-11 20:41 - 00007680 _____ C:\Users\Ingo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-28 11:41 - 2013-09-28 11:41 - 00001274 _____ C:\Users\Ingo\Desktop\WebCam.lnk
2013-09-28 11:25 - 2013-03-05 21:35 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2013-09-24 18:16 - 2013-09-11 20:29 - 00000000 ____D C:\Users\Ingo\Desktop\Iris
2013-09-22 12:35 - 2009-09-07 03:57 - 00000000 ____D C:\Windows\Panther
2013-09-19 19:59 - 2012-03-31 22:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 19:59 - 2012-03-31 22:10 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 19:59 - 2011-05-21 12:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-15 10:48 - 2010-08-23 21:50 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Mozilla
2013-09-13 19:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 19:53 - 2010-08-23 20:32 - 00000000 ___RD C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 19:53 - 2010-08-23 20:32 - 00000000 ___RD C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 19:53 - 2010-08-23 19:02 - 00000000 ___RD C:\Users\Ingo\Dokumente
2013-09-12 19:38 - 2009-07-14 06:45 - 00569096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 22:36 - 2013-08-14 20:23 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 22:33 - 2010-08-23 21:06 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 22:33 - 2009-11-07 21:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-08 14:17 - 2011-05-03 12:00 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\vlc
2013-09-08 14:11 - 2013-09-08 14:11 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
2013-09-08 14:11 - 2012-03-15 20:41 - 00000694 _____ C:\Users\UpdatusUser\Desktop\PhotoFiltre 7.lnk
2013-09-08 14:11 - 2012-03-15 20:41 - 00000694 _____ C:\Users\Gast\Desktop\PhotoFiltre 7.lnk
2013-09-08 14:11 - 2012-03-15 20:41 - 00000694 _____ C:\Users\Administrator\Desktop\PhotoFiltre 7.lnk
2013-09-05 19:48 - 2013-09-05 19:37 - 00000000 ____D C:\Users\Ingo\Desktop\Ahnenforschung

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 19:53

==================== End Of Log ============================
         
--- --- ---


Schöne Grüße,
imebro

Geändert von imebro (05.10.2013 um 16:57 Uhr)

Alt 05.10.2013, 19:47   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab - Standard

Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab



Navigiere im Explorer mal zu dem angegebenen Autostart Ordner und lösche was drin is.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKCU\...\Run: [SystemExplorerAutoStart] - D:\Programme\System Explorer\SystemExplorer.exe [2610648 2012-06-18] (Mister Group)
Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled ()
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 06.10.2013, 09:35   #11
imebro
 
Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab - Standard

Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab



Hallo...

Hier die Fixlog.txt:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by Ingo at 2013-10-05 21:13:53 Run:2
Running from C:\Users\Ingo\Desktop\Wartung\Trojanerboard Hilfen
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [SystemExplorerAutoStart] - D:\Programme\System Explorer\SystemExplorer.exe [2610648 2012-06-18] (Mister Group)
Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled ()
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SystemExplorerAutoStart => Value deleted successfully.
"C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled" => Could not move.

==== End of Fixlog ====
         
Schöne Grüße,
imebro

---------------------------

Und auch heute Morgen wurde beim Start des Laptops wieder das Explorer-Fenster geöffnet "SystemExplorerDisab".

Hier der Screenshot:


Oder hier wieder der Direktlink (wieder hxxp durch http ersetzen):
hxxp://www.bilder-hochladen.net/files/erc4-3-eccb.jpg

Wie kann ich das verhindern?

Danke & schöne Grüße,
imebro

Geändert von imebro (06.10.2013 um 09:41 Uhr)

Alt 06.10.2013, 16:39   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab - Standard

Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab



Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
  • Doppelklick auf die OTL.exe
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimal Ausgabe
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 06.10.2013, 19:06   #13
imebro
 
Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab - Standard

Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab



OK... habe die OTL-Logfiles nun erstellt.

Logfile 1:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.10.2013 19:31:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ingo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 36,15% Memory free
7,93 Gb Paging File | 5,02 Gb Available in Paging File | 63,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 125,46 Gb Total Space | 48,73 Gb Free Space | 38,84% Space Free | Partition Type: NTFS
Drive D: | 88,36 Gb Total Space | 77,89 Gb Free Space | 88,15% Space Free | Partition Type: NTFS
Drive F: | 19,53 Gb Total Space | 6,90 Gb Free Space | 35,33% Space Free | Partition Type: NTFS
Drive G: | 37,11 Gb Total Space | 11,07 Gb Free Space | 29,84% Space Free | Partition Type: NTFS
Drive H: | 14,67 Gb Total Space | 7,92 Gb Free Space | 54,01% Space Free | Partition Type: NTFS
Drive X: | 12,76 Gb Total Space | 2,13 Gb Free Space | 16,69% Space Free | Partition Type: NTFS
 
Computer Name: INGOS-LAPTOP | User Name: Ingo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ingo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Ingo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files (x86)\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\PureSync\PureSyncTray.exe (Jumping Bytes)
PRC - d:\Programme\UltraSearch\UltraSearch.exe (JAM Software)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - F:\DHCP-Server\dhcpsrv.exe (Uwe A. Ruttkamp)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - D:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - D:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - D:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Windows\SysWOW64\NlsSrv32.exe (Nalpeiron Ltd.)
PRC - D:\Programme\maxdome\DCBin\DCService.exe (Entriq, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - D:\Programme\Desksave\DeskSave.exe ()
PRC - D:\Programme\Clipdiary\ClipDiary.exe ()
PRC - C:\Program Files (x86)\MWSnap\MWSnap.exe (Mirek Wojtowicz)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Ingo\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - D:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Users\Ingo\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
MOD - D:\Programme\Desksave\DeskSave.exe ()
MOD - D:\Programme\Clipdiary\ClipDiary.exe ()
MOD - D:\Programme\Clipdiary\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files (x86)\Avast5\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SystemExplorerHelpService) -- D:\Programme\System Explorer\service\SystemExplorerService64.exe (Mister Group)
SRV - (SamsungAllShareV2.0) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
SRV - (SimpleSlideShowServer) -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.)
SRV - (Backup Service Home-Dienst) -- C:\Program Files (x86)\Backup Service Home 3\BSHService.exe (Alexander Seeliger Software)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (DHCPServer) -- F:\DHCP-Server\dhcpsrv.exe (Uwe A. Ruttkamp)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Secunia PSI Agent) -- D:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- D:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (LVPrcS64) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NlsSrv32.exe (Nalpeiron Ltd.)
SRV - (Prosieben) -- D:\programme\maxdome\DCBin\DCService.exe (Entriq, Inc.)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (RServer3) -- C:\Windows\SysWOW64\rserver30\RServer3.exe (Famatech International Corp.)
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (hcw95rc) -- C:\Windows\SysNative\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hcw95bda) -- C:\Windows\SysNative\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (NETw1v64) -- C:\Windows\SysNative\drivers\NETw1v64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (mirrorv3) -- C:\Windows\SysNative\drivers\rminiv3.sys (Famatech International Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV - (cleanhlp) -- D:\Programme\Emsisoft Emergency Kit\Run\cleanhlp64.sys (Emsisoft GmbH)
DRV - (UnlockerDriver5) -- D:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (raddrvv3) -- C:\Windows\SysWOW64\rserver30\raddrvv3.sys (Famatech International Corp.)
DRV - (CrystalSysInfo) -- D:\Programme\MediaCoder\SysInfoX64.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D4F58562-A3C4-48B7-AE7B-98467EA87900}
IE:64bit: - HKLM\..\SearchScopes\{D4F58562-A3C4-48B7-AE7B-98467EA87900}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D4F58562-A3C4-48B7-AE7B-98467EA87900}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
IE - HKCU\..\SearchScopes,DefaultScope = {D4F58562-A3C4-48B7-AE7B-98467EA87900}
IE - HKCU\..\SearchScopes\{BA3E27DB-425D-4E00-AD57-83689D8ECADD}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{D4F58562-A3C4-48B7-AE7B-98467EA87900}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {2E18002D-DF43-4c65-9FDA-40D02F066D9E}:1.6.1
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.1.1
FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5
FF - prefs.js..extensions.enabledItems: {cdbbb3f6-a50e-4b20-a154-5fcbb3bbf43d}:1.2.6
FF - prefs.js..extensions.enabledItems: linkalert.conlan@addons.mozilla.com:1.0.1
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.2
FF - prefs.js..extensions.enabledItems: imagetab@next.gen.nz:1.1
FF - prefs.js..extensions.enabledItems: {c151d79e-e61b-4a90-a887-5a46d38fba99}:2.6
FF - prefs.js..extensions.enabledItems: {f199da35-0a9a-4ce9-8f59-c68524deba93}:0.3.3
FF - prefs.js..extensions.enabledItems: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb}:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: info@youtube-mp3.org:1.0.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Programme\VLC-Player\npvlc.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120125-2155: D:\Programme\VLC-Player\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Programme\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: D:\Programme\VLC-Player\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ingo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ingo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\PHPEditXdebugExtension@waterproof.fr: C:\Program Files\PHPEdit\Tools\FirefoxExtension\unpacked
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files (x86)\Avast5\WebRep\FF [2013.10.01 18:45:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.10.01 19:15:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.10.01 19:15:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\PHPEditXdebugExtension@waterproof.fr: C:\Program Files\PHPEdit\Tools\FirefoxExtension\unpacked
 
[2010.12.20 20:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\Extensions
[2010.12.20 20:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2013.10.01 21:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions
[2010.08.26 21:41:48 | 000,000,000 | ---D | M] (New Tab Button Position) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{05BF52F6-A4F9-48B9-84ED-F8D83762E619}
[2010.08.26 21:41:48 | 000,000,000 | ---D | M] (New Tab Button on Tab Right) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{05BF52F6-A4F9-48B9-84ED-F8D83762E619}(2)
[2010.08.26 21:41:47 | 000,000,000 | ---D | M] ("Open Long Url [de]") -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{10F04CC7-50E2-4564-99EC-6E9B27985908}
[2010.08.26 21:41:46 | 000,000,000 | ---D | M] (Metal Lion - iCe) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{1AFC82C3-0154-4b09-878B-D68500EFBE76}(2)
[2010.08.26 21:41:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.26 21:41:44 | 000,000,000 | ---D | M] (Extended Copy Menu) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{2E18002D-DF43-4c65-9FDA-40D02F066D9E}
[2010.08.26 21:41:44 | 000,000,000 | ---D | M] (Modern Modoki) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{4a428302-5267-4749-bb22-459b3236695f}(2)
[2010.08.26 21:41:43 | 000,000,000 | ---D | M] (Walnut for Firefox) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2)
[2010.08.26 21:41:43 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2010.08.26 21:41:42 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010.08.26 21:41:39 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.08.26 21:41:35 | 000,000,000 | ---D | M] (TableTools) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{7C7F5C11-4ACD-4CDB-9293-2E3F46654E2A}
[2010.08.26 21:41:34 | 000,000,000 | ---D | M] (Modern Aluminum) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{835A3F80-DF39-11D9-A0B5-000D0B3AEB26}(2)
[2010.08.26 21:41:34 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010.08.26 21:41:34 | 000,000,000 | ---D | M] (Table2Clipboard) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}
[2010.08.26 21:41:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.26 21:41:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2010.08.26 21:41:29 | 000,000,000 | ---D | M] (Pearl Crescent Page Saver Basic) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}
[2010.08.26 21:41:28 | 000,000,000 | ---D | M] (Plain Text to Link [de]) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{C90B0826-5A17-4970-A5BF-A43D22452E21}
[2010.08.26 21:41:26 | 000,000,000 | ---D | M] (JavaScript Options) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{cdbbb3f6-a50e-4b20-a154-5fcbb3bbf43d}
[2010.08.26 21:41:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.26 21:41:24 | 000,000,000 | ---D | M] (Whitehart) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}(2)
[2010.08.26 21:41:22 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.08.26 21:41:21 | 000,000,000 | ---D | M] (Print) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{f199da35-0a9a-4ce9-8f59-c68524deba93}
[2010.08.26 21:41:21 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2010.08.26 21:42:06 | 000,000,000 | ---D | M] (German Dictionary, extended for Austria) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\de-AT@dictionaries.addons.mozilla.org
[2010.08.26 21:41:54 | 000,000,000 | ---D | M] ("Deutsches Wörterbuch">) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\de-DE@dictionaries.addons.mozilla(2).org
[2010.08.26 21:41:50 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\fb_add_on@avm.de
[2010.08.26 21:41:49 | 000,000,000 | ---D | M] (Open Image In New Tab) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\imagetab@next.gen.nz
[2010.08.26 21:41:49 | 000,000,000 | ---D | M] (YouTube mp3) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\info@youtube-mp3.org
[2010.08.26 21:41:48 | 000,000,000 | ---D | M] ("Link Alert") -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\lo97a2qd.default\extensions\linkalert.conlan@addons.mozilla.com
[2013.10.04 20:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions
[2010.08.26 22:11:32 | 000,000,000 | ---D | M] (New Tab Button on Tab Right) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{05BF52F6-A4F9-48B9-84ED-F8D83762E619}(2)
[2012.12.01 11:55:27 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.08.26 22:11:32 | 000,000,000 | ---D | M] (Metal Lion - iCe) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{1AFC82C3-0154-4b09-878B-D68500EFBE76}(2)
[2012.11.29 18:51:52 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2010.08.26 22:11:32 | 000,000,000 | ---D | M] (Modern Modoki) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{4a428302-5267-4749-bb22-459b3236695f}(2)
[2010.08.26 22:11:33 | 000,000,000 | ---D | M] (Walnut for Firefox) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2)
[2012.08.02 08:29:08 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010.08.26 22:11:33 | 000,000,000 | ---D | M] (Modern Aluminum) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{835A3F80-DF39-11D9-A0B5-000D0B3AEB26}(2)
[2010.08.26 22:11:34 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2013.08.28 20:09:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.26 22:11:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2010.08.26 22:11:36 | 000,000,000 | ---D | M] (Whitehart) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}(2)
[2011.01.22 15:17:50 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2011.02.17 19:36:05 | 000,000,000 | ---D | M] (Print) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\{f199da35-0a9a-4ce9-8f59-c68524deba93}
[2012.10.14 15:59:40 | 000,000,000 | ---D | M] (German Dictionary, extended for Austria) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\de-AT@dictionaries.addons.mozilla.org
[2010.08.26 22:11:31 | 000,000,000 | ---D | M] ("Deutsches Wörterbuch">) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\de-DE@dictionaries.addons.mozilla(2).org
[2012.10.14 15:59:40 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.07.21 17:19:05 | 000,000,000 | ---D | M] (Fast Translation) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\fasttrans@kemot
[2013.04.14 09:36:37 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\fb_add_on@avm.de
[2013.06.22 14:59:43 | 000,000,000 | ---D | M] (FlashFirebug) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\flashfirebug@o-minds.com
[2013.07.25 16:09:51 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\ich@maltegoetz.de
[2010.08.26 22:11:32 | 000,000,000 | ---D | M] (Open Image In New Tab) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\imagetab@next.gen.nz
[2011.03.16 19:22:46 | 000,000,000 | ---D | M] ("Link Alert") -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\n64mq0a4.default\extensions\linkalert.conlan@addons.mozilla.com
[2006.11.08 22:56:36 | 000,461,885 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\lo97a2qd.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2)\chrome(2)\tmp.xpi
[2006.11.08 22:45:26 | 000,290,557 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\lo97a2qd.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}(2)\chrome(2)\tmp.xpi
[2013.07.02 19:25:32 | 000,853,030 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\aeroimproved@rsjtdrjgfuzkfg.com.xpi
[2013.10.04 20:57:12 | 002,209,401 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\firebug@software.joehewitt.com.xpi
[2012.04.19 20:45:38 | 000,870,767 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\firebug@tools.sitepoint.com.xpi
[2013.09.07 16:36:58 | 000,084,201 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\FirePHPExtension-Build@firephp.org.xpi
[2011.10.19 14:08:19 | 000,174,405 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\guiconfig@slosd.net.xpi
[2013.10.01 19:17:54 | 000,348,387 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\langpack-de@firefox.mozilla.org.xpi
[2013.10.02 23:09:38 | 000,051,994 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\newtaburl@sogame.cat.xpi
[2013.05.04 09:13:34 | 000,114,250 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\nosquint@urandom.ca.xpi
[2013.08.03 11:24:46 | 000,276,275 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\sroussey@illumination-for-developers.com.xpi
[2012.03.01 20:11:10 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\youtube2mp3@mondayx.de.xpi
[2011.08.12 19:36:49 | 000,031,532 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}.xpi
[2013.08.02 10:44:07 | 000,224,035 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.07.20 16:24:40 | 000,111,899 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi
[2013.07.31 09:39:45 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2006.11.08 22:56:36 | 000,461,885 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2)\chrome(2)\tmp.xpi
[2006.11.08 22:45:26 | 000,290,557 | ---- | M] () (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n64mq0a4.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}(2)\chrome(2)\tmp.xpi
[2013.10.01 19:15:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.10.01 19:15:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{2E18002D-DF43-4C65-9FDA-40D02F066D9E}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{6AC85730-7D0F-4DE0-B3FA-21142DD85326}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{987311C6-B504-4AA2-90BF-60CC49808D42}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{9AB67D74-EC41-4CB2-B417-DF5D93BA1BEB}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{C151D79E-E61B-4A90-A887-5A46D38FBA99}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{CDBBB3F6-A50E-4B20-A154-5FCBB3BBF43D}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\{F199DA35-0A9A-4CE9-8F59-C68524DEBA93}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\DE-AT@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\FB_ADD_ON@AVM.DE
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\IMAGETAB@NEXT.GEN.NZ
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\INFO@YOUTUBE-MP3.ORG
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INGO-M\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LO97A2QD.DEFAULT\EXTENSIONS\LINKALERT.CONLAN@ADDONS.MOZILLA.COM
File not found (No name found) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
File not found (No name found) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
File not found (No name found) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
File not found (No name found) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
File not found (No name found) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.09.21 20:48:15 | 000,065,536 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npfoxitpdf.dll
[2010.10.27 14:41:47 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009.08.03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npOGAPlugin.dll
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: 
CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aofkhphjhkanpddmfmbckdlcajhnehlf\1.3_0\
CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.1_0\
CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\
CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\2.1.3_0\
CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.5_0\
CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo\1.0.2_0\
CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjpagcblmlakmpcihopmpfknakkimjdh\0.2_0\
CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0\
CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.9_0\
CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaejidbmkiecgbjeifoejpgmdaleoha\1.7.3.1_0\
CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaejidbmkiecgbjeifoejpgmdaleoha\1.7_0\
CHR - Extension: No name found = C:\Users\Ingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {11111111-1111-1111-1111-110311301136} - No CLSID value found.
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (ExplorerWatcher Class) - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - d:\Programme\Clover\TabHelper64.dll (EJIE Technology)
O2 - BHO: (no name) - {11111111-1111-1111-1111-110311301136} - No CLSID value found.
O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found.
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdressLittle] D:\Programme\Adress Little 2.0\ageb.exe (Joachim Stroemer)
O4 - HKLM..\Run: [avast] C:\Program Files (x86)\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKCU..\Run: [clipdiary] D:\Programme\Clipdiary\ClipDiary.exe ()
O4 - HKCU..\Run: [DeskSave] D:\Programme\Desksave\DeskSave.exe ()
O4 - HKCU..\Run: [MWSnap] C:\Program Files (x86)\MWSnap\MWSnap.exe (Mirek Wojtowicz)
O4 - HKCU..\Run: [PureSync] C:\Program Files (x86)\PureSync\PureSyncTray.exe (Jumping Bytes)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ingo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk = D:\Programme\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)
O4 - Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled [2013.10.04 22:15:38 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: add to &BOM - D:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Ingo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ingo\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found
O8 - Extra context menu item: add to &BOM - D:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ingo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ingo\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27B2EBF4-4FE1-4E15-85D3-A92B7F9110BF}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0DE66A5-7F08-4BB9-B55E-D34FE758B7CE}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O28 - HKLM ShellExecuteHooks: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.03.12 23:30:26 | 000,000,000 | ---D | M] - F:\Auto-Shutdown -- [ NTFS ]
O32 - AutoRun File - [2010.08.24 20:32:47 | 000,000,000 | ---D | M] - F:\Autoruns -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.10.06 19:30:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ingo\Desktop\OTL.exe
[2013.10.06 15:36:08 | 000,000,000 | ---D | C] -- C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.10.06 15:35:04 | 000,000,000 | ---D | C] -- C:\Users\Ingo\AppData\Roaming\Dropbox
[2013.10.05 18:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.10.02 21:36:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.10.02 20:34:46 | 000,000,000 | ---D | C] -- C:\FRST
[2013.10.01 21:14:50 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.10.01 19:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.10.01 19:30:17 | 000,312,744 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.10.01 19:30:08 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.10.01 19:30:08 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.10.01 19:30:08 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.10.01 19:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013.10.01 19:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.10.01 19:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.09.28 11:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013.09.11 22:37:20 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.09.11 22:37:20 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.09.11 22:37:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.09.11 22:37:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.09.11 22:37:17 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.09.11 22:37:17 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.09.11 22:37:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.09.11 22:37:16 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.09.11 22:37:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.09.11 22:37:16 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.09.11 22:37:15 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.09.11 22:37:11 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.09.11 22:37:10 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.09.11 22:37:10 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.09.11 22:37:09 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.09.11 20:29:43 | 000,000,000 | ---D | C] -- C:\Users\Ingo\Desktop\Iris
[2013.09.11 20:22:48 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013.09.11 20:20:10 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.09.11 20:20:09 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.09.11 20:20:08 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.09.11 20:20:07 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013.09.11 20:20:06 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.09.11 20:20:04 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.09.11 20:20:02 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.09.11 20:20:01 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.09.11 20:20:01 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.09.11 20:20:00 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.09.11 20:20:00 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.09.11 20:20:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.09.11 20:19:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.09.11 20:19:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.09.11 20:19:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.09.11 20:19:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.09.11 20:19:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.09.11 20:19:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.09.11 20:19:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.09.11 20:19:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.09.11 20:19:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.09.11 20:19:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.09.11 20:19:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.09.11 20:19:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.09.11 20:19:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.09.11 20:19:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.09.11 20:19:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.09.11 20:19:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.09.11 20:19:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.09.11 20:19:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.09.11 20:19:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.09.11 20:19:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.09.11 20:19:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.09.11 20:19:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.09.11 20:19:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.09.11 20:19:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.09.11 20:19:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.09.11 20:19:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.09.11 20:19:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.09.11 20:19:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.09.11 20:19:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.09.11 20:19:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.09.11 20:19:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.09.11 20:19:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.09.11 20:19:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.09.11 20:19:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.09.11 20:19:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.09.11 20:19:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.09.11 20:19:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.09.11 20:19:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.09.11 20:19:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.09.11 20:19:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.09.11 20:19:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.09.11 20:19:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.09.11 20:19:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.09.11 20:19:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.09.11 20:19:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.09.11 20:19:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.09.11 20:19:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.09.11 20:19:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.09.11 20:19:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.09.11 20:19:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.09.11 20:19:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.09.11 20:19:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.09.11 20:19:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.09.11 20:19:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.09.11 20:19:21 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.09.11 20:19:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.09.11 20:19:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.09.11 20:19:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.09.11 20:19:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.09.11 20:19:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.09.11 20:19:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.09.11 20:19:18 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.09.11 20:19:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.09.11 20:19:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013.09.11 20:19:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.09.11 20:16:08 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.09.08 14:11:40 | 000,000,000 | ---D | C] -- C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
[2010.08.30 22:14:15 | 000,703,352 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files (x86)\autoruns.exe
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.10.06 19:32:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3237284612-487690776-1710373329-1001UA.job
[2013.10.06 18:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.10.06 18:44:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.10.06 15:36:33 | 000,001,060 | ---- | M] () -- C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.10.06 13:17:28 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.10.06 13:17:28 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.10.06 13:05:39 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.10.06 13:04:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.10.06 13:04:16 | 3195,211,776 | -HS- | M] () -- C:\hiberfil.sys
[2013.10.06 10:19:33 | 000,076,322 | ---- | M] () -- C:\Users\Ingo\Desktop\SystemExplorerDisab.jpg
[2013.10.05 16:21:46 | 001,622,004 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.10.05 16:21:46 | 000,700,592 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.10.05 16:21:46 | 000,655,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.10.05 16:21:46 | 000,149,356 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.10.05 16:21:46 | 000,122,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.10.05 12:32:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3237284612-487690776-1710373329-1001Core.job
[2013.10.03 13:36:22 | 000,042,359 | ---- | M] () -- C:\Users\Ingo\Desktop\Firefox Startseite wiederherstellen (about_config).jpg
[2013.10.02 08:38:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ingo\Desktop\OTL.exe
[2013.10.01 20:21:08 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.10.01 19:29:53 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.10.01 19:29:48 | 000,312,744 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.10.01 19:29:48 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.10.01 19:29:47 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.10.01 19:29:44 | 001,095,080 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.10.01 19:29:44 | 000,973,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.10.01 18:45:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.09.29 08:58:17 | 000,007,680 | ---- | M] () -- C:\Users\Ingo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.09.28 11:41:14 | 000,001,274 | ---- | M] () -- C:\Users\Ingo\Desktop\WebCam.lnk
[2013.09.28 11:25:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013.09.19 19:59:47 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.09.19 19:59:46 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.09.18 19:59:41 | 000,074,253 | ---- | M] () -- C:\Users\Ingo\Desktop\Kleid.jpg
[2013.09.12 19:38:19 | 000,569,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.10.06 15:36:33 | 000,001,060 | ---- | C] () -- C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.10.06 10:19:33 | 000,076,322 | ---- | C] () -- C:\Users\Ingo\Desktop\SystemExplorerDisab.jpg
[2013.10.03 13:36:22 | 000,042,359 | ---- | C] () -- C:\Users\Ingo\Desktop\Firefox Startseite wiederherstellen (about_config).jpg
[2013.10.01 20:11:26 | 000,000,898 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.09.28 11:41:14 | 000,001,274 | ---- | C] () -- C:\Users\Ingo\Desktop\WebCam.lnk
[2013.09.18 19:59:41 | 000,074,253 | ---- | C] () -- C:\Users\Ingo\Desktop\Kleid.jpg
[2013.07.23 17:02:05 | 000,000,367 | ---- | C] () -- C:\Users\Ingo\Heimnetzgruppe - Verknüpfung.lnk
[2013.04.08 18:33:01 | 000,001,464 | ---- | C] () -- C:\Users\Ingo\AppData\Local\recently-used.xbel
[2012.08.29 21:34:56 | 000,001,011 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.08.29 21:34:56 | 000,000,159 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.08.29 21:34:36 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.08.29 21:34:36 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7840W.DAT
[2012.08.29 21:33:29 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012.08.29 21:33:29 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.08.29 21:33:29 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.08.29 21:33:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.08.29 21:33:10 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.04.19 20:45:46 | 000,000,000 | ---- | C] () -- C:\Users\Ingo\mm_backup.cfg
[2012.03.22 19:36:17 | 000,007,250 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2012.03.21 21:29:59 | 000,038,194 | ---- | C] () -- C:\Windows\Irremote.ini
[2012.03.21 21:29:33 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.03.21 21:29:32 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.03.21 21:29:07 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012.01.04 13:28:18 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit_.INI
[2011.07.31 14:21:53 | 000,004,096 | -H-- | C] () -- C:\Users\Ingo\AppData\Local\keyfile3.drm
[2011.05.21 23:10:58 | 000,000,017 | ---- | C] () -- C:\Users\Ingo\AppData\Local\resmon.resmoncfg
[2011.03.21 19:41:21 | 000,001,854 | ---- | C] () -- C:\Users\Ingo\AppData\Roaming\GhostObjGAFix.xml
[2011.02.12 21:11:50 | 000,001,478 | ---- | C] () -- C:\Users\Ingo\AppData\Local\RecConfig.xml
[2010.10.11 20:41:15 | 000,007,680 | ---- | C] () -- C:\Users\Ingo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.25 21:23:01 | 000,000,970 | ---- | C] () -- C:\Users\Ingo\Windows-EasyTransfer.lnk
[2010.08.25 21:23:01 | 000,000,758 | ---- | C] () -- C:\Users\Ingo\autorun.inf
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:D282699C
@Alternate Data Stream - 128 bytes -> C:\Windows:nlsPreferences

< End of report >
         
--- --- ---


Danke und schöne Grüße,
imebro

Alt 06.10.2013, 19:08   #14
imebro
 
Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab - Standard

Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab



Logfile 2:

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 06.10.2013 19:31:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ingo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 36,15% Memory free
7,93 Gb Paging File | 5,02 Gb Available in Paging File | 63,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 125,46 Gb Total Space | 48,73 Gb Free Space | 38,84% Space Free | Partition Type: NTFS
Drive D: | 88,36 Gb Total Space | 77,89 Gb Free Space | 88,15% Space Free | Partition Type: NTFS
Drive F: | 19,53 Gb Total Space | 6,90 Gb Free Space | 35,33% Space Free | Partition Type: NTFS
Drive G: | 37,11 Gb Total Space | 11,07 Gb Free Space | 29,84% Space Free | Partition Type: NTFS
Drive H: | 14,67 Gb Total Space | 7,92 Gb Free Space | 54,01% Space Free | Partition Type: NTFS
Drive X: | 12,76 Gb Total Space | 2,13 Gb Free Space | 16,69% Space Free | Partition Type: NTFS
 
Computer Name: INGOS-LAPTOP | User Name: Ingo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "D:\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "D:\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06366168-DAD6-4C6E-80FA-1E89689AA882}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{074EBFF9-35EB-4B11-BBA0-64EF42217D8C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{198F806B-9732-4A0C-BBB9-591C612A0501}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1A757C14-7185-4B2D-BA6E-ECDA2F88F7FF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1A809390-A4C9-4A7A-93C1-17A5C6337459}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4D303C6E-7A3E-4DC8-A2A9-8FE28D63F765}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4F2E3E09-1F18-43EE-A626-00E28E92A86E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{64F5D961-8FAC-46C6-ACD1-051FD2E398D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6581DF9B-4339-4CC9-AEEC-D672163FDD37}" = lport=137 | protocol=17 | dir=in | app=system | 
"{680346CE-C737-4A84-A89C-DB6FF8A73D16}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{71904ABB-BC06-4068-A237-343BDC0E7823}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{719B96B4-4512-4241-8F59-6BB5F58456B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7B52DB5C-CE39-4579-B2C6-E7DB474E3A2F}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{7D07B51A-1BE5-44EE-8407-96A372139024}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{815AAF9C-92C9-444D-802A-E53D5B9AE7B4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{84EBC75B-FD34-4F56-AE70-6016D37C1E3C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{855154D1-96DF-498E-BBFA-6C34DCCC42F8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{85FD5620-8316-4E67-8985-416BD3F308C6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{87B119B7-1FE6-4F1A-B4A7-6777BABE365E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8AA6527B-6FB4-49CB-ADC5-F89E49AA1F1D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9B040E42-784C-4209-9EFB-269C1C44CC8A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A84FE5C1-184A-4B26-9134-396A75848214}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A850FF5C-B389-4C76-AA8F-469E840F3FB7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B33F91B8-7279-47C0-B1EC-D39627A35FC7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B5B9E1D6-BE5F-4B62-9B8D-E863C9B954A7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BAC23F8D-6981-4406-BBCC-C137E3F50017}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BD5FC5E2-84FC-4C40-8ED2-7919FA3C2160}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{C43F2715-742C-46C3-8856-C36FFBB1169E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CCAA4026-37E8-4A17-97B0-E152346C3490}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D0B6277F-C631-4EB8-8A6C-07E540B6823F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D36D9AC0-B95D-4C37-A17C-F3CE6574B49C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E3142ADE-C50A-490A-B81F-FC6C986C6EB0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E93FED5E-49AC-403B-A8E1-D571E161D9FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EDA8D151-7095-40B7-8222-9862A21E8B06}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{F54CD8E5-7C90-4B7A-AAC9-76073BDD10A6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FBD8D561-E344-483F-B904-4C0F181F03DA}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A46836-0FF8-440A-A33F-8C07E501284E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{09ECBB24-5D36-4837-95E5-65B0FE9AEF42}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{0EC56A15-79C2-4D62-AC51-2D6F4A13E8A2}" = protocol=6 | dir=in | app=f:\treiber mfc-7840w\mflpro\data\disk1\setup.exe | 
"{21574E57-7113-4A3B-9C64-9B825A57AF7C}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{23B71276-1738-4640-A054-3E47D42B7754}" = protocol=6 | dir=in | app=f:\dhcp-server\dhcpsrv.exe | 
"{2C14D968-CAAF-4E68-B6B2-DC2CEB4502B6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{31563EB8-10C4-4E11-9468-B174E506EC66}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | 
"{4195E1BB-9224-4421-9517-21E0EB3D981E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{43F84C40-C6A4-4F9A-834B-1EA35F20F66E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4B086F20-0C84-417F-BE1B-35F627C99949}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{4B68C902-ABE4-4C9F-9E7F-04AFC73E0BF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4C168F4B-9088-4825-B4CA-E229242A78D0}" = protocol=17 | dir=in | app=f:\dhcp-server\dhcpsrv.exe | 
"{5276215A-A624-42A8-9280-26F2F685852D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{58567428-1EB4-47A0-BA6B-3A6CCEB66D48}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{58CF6643-98BF-4688-9983-C08A5D28ECF9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{58F1A695-F09E-4C88-ADE6-A004444001B0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5F24F9EA-0A09-4309-9CB4-B2B71506EDD1}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl07b\faxrx.exe | 
"{7076A16A-28A6-4750-AA4E-2B27A7593EF4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{74999CFD-76D8-486D-A511-5C90F74AA5C9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{779D3E59-398A-4481-888C-14801DD84E70}" = protocol=17 | dir=in | app=c:\windows\syswow64\rserver30\rserver3.exe | 
"{7BFD4E40-8B54-4AB6-A6DF-C24D34A8E0C3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd9\powerdvd9.exe | 
"{8115DC36-7184-4043-8814-9B36BF45B0E7}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl07b\faxrx.exe | 
"{842D286C-D1E2-480D-BEF5-022C1575C223}" = protocol=17 | dir=in | app=f:\dhcp-server\dhcpsrv.exe | 
"{89BED5BC-A0BB-412E-B764-FBA8F732500E}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{8A56E43D-4C9D-4274-B77F-F5E6C201F0AA}" = protocol=6 | dir=in | app=c:\users\ingo\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8AB8F995-1D76-4F3E-8703-E52B9C3F06D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8D5802AF-899C-4A8D-893E-E3A59823DCE8}" = protocol=6 | dir=in | app=f:\dhcp-server\dhcpsrv.exe | 
"{972A8B14-A4AB-48DA-9B0C-003F966428FC}" = protocol=17 | dir=in | app=f:\dhcp-server\dhcpsrv.exe | 
"{9CE5C5AF-114F-4B57-8775-3D4E31D17447}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9EC1A2CD-FA3B-4B09-9102-06104F9931D4}" = protocol=6 | dir=in | app=c:\windows\syswow64\rserver30\rserver3.exe | 
"{A8C2632C-F5E5-4378-9A11-7FF730550C41}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AC695EE5-7B41-424B-8A94-FF4E4B6551D4}" = protocol=17 | dir=in | app=c:\users\ingo\appdata\roaming\dropbox\bin\dropbox.exe | 
"{AF536ACB-6A67-4E74-9E26-60939810B411}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B89777F6-9450-4D3D-B312-09D7CBFD9F0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B91BCEEA-2D90-4160-9CAA-0929E42F9935}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BC33EE4C-1B97-423F-B5CD-BBA6AA15C243}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BEDD31F8-E2FD-4CF5-8BA7-916CE18E4FC1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C26AB08B-7AC8-4F52-BFB7-4EC575FAC0BC}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{C97F0BE4-4BEC-4276-BDFE-AC9B013850D8}" = protocol=17 | dir=in | app=f:\treiber mfc-7840w\mflpro\data\disk1\setup.exe | 
"{CA884448-E191-474F-AD4F-8D21B0B3DA7C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CAB335AC-1636-4F6A-8111-C647C584855E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CDAF3765-266B-4861-8AD2-4CF232EEC860}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | 
"{D22E2EDA-4D5C-42A5-B64D-BB007AB36609}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{D775D469-94D4-423B-B6F0-0867D7D644AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D8A039E8-0219-4E17-BFB0-2314775F69F7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D9EB1BFE-6404-402F-BDA6-053018ABEDEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E864882B-FD90-4116-B531-091CB86AB4B3}" = protocol=6 | dir=in | app=f:\dhcp-server\dhcpsrv.exe | 
"{F5AA5E7D-D1D7-4F8A-9864-B7A1B0A5EE9B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F61DA2C0-BED1-4003-B3D8-91D15CF7DD75}" = protocol=6 | dir=out | app=system | 
"{FB27B6A7-B83D-47C9-A165-126BCFD5E43B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FCC5CDC6-DA1A-4B05-849B-0121CCA67D80}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | 
"TCP Query User{06903B51-649C-4BAE-9FDB-D7F1B86E39F8}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{388D31BC-FB58-4168-90DC-4C0F0D0298DF}C:\program files (x86)\brother\brmfl07b\faxrx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl07b\faxrx.exe | 
"TCP Query User{392AA1D8-1F5D-4010-865C-8BD64D0E6B5F}D:\programme\screamer radio\screamer.exe" = protocol=6 | dir=in | app=d:\programme\screamer radio\screamer.exe | 
"TCP Query User{393F8C24-8EE9-4A86-AB24-F5C6CD94AE93}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{3EAAE2DF-F5E1-4726-B55D-7419A2F0AFDC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{676136DA-377E-4D29-BDC6-D466BB8730F5}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{699FBCAB-CA15-451A-813E-788726B67BDF}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{724A27DB-0209-4DCC-B710-834245DAB3BF}D:\programme\screamer radio\screamer.exe" = protocol=6 | dir=in | app=d:\programme\screamer radio\screamer.exe | 
"TCP Query User{76434226-4834-4650-A537-BB2E161E1037}D:\programme\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=d:\programme\atube catcher 2.0\yct.exe | 
"TCP Query User{8951CB7F-CFE3-499B-847B-BAE19102E85B}C:\users\gast\appdata\roaming\icq\application\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\users\gast\appdata\roaming\icq\application\icq7.2\icq.exe | 
"TCP Query User{958B0B1B-F7AF-4442-8773-1273D7A84B96}C:\users\gast\appdata\roaming\icq\application\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\users\gast\appdata\roaming\icq\application\icq7.2\icq.exe | 
"TCP Query User{98BD4E89-938A-4DCD-A157-DE3E9A86ECE3}C:\program files (x86)\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"TCP Query User{A416389E-8594-403A-9EA4-8BCD84DCA489}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{FE8081C6-8873-41FC-8351-85D416B939DE}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"UDP Query User{0D7811D9-4DA4-443F-B9D1-1B8A76702A16}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"UDP Query User{2326E0AD-E1D7-4027-80ED-32E79D049D4C}C:\program files (x86)\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"UDP Query User{2B868334-FF07-4643-ACB9-18FF68A9E3DC}C:\users\gast\appdata\roaming\icq\application\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\users\gast\appdata\roaming\icq\application\icq7.2\icq.exe | 
"UDP Query User{2D816D3E-67DA-49FA-86E0-1F9FDE98F329}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{458F9C4E-517C-4B70-882C-969F08AA0F47}D:\programme\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=d:\programme\atube catcher 2.0\yct.exe | 
"UDP Query User{506E0B3F-1E27-448C-9CB7-E59AD4D81F9F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{6F3FB105-6EBC-42A3-83F4-D7AB7369AA5A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{9445C9C5-DC66-40E2-87C5-885C34551EFD}D:\programme\screamer radio\screamer.exe" = protocol=17 | dir=in | app=d:\programme\screamer radio\screamer.exe | 
"UDP Query User{964F3624-B37B-4042-8608-0FFD4B1ACAE3}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{A17F91D2-1D08-4E4A-AA3D-BE00FF61A687}D:\programme\screamer radio\screamer.exe" = protocol=17 | dir=in | app=d:\programme\screamer radio\screamer.exe | 
"UDP Query User{A990BA79-211C-4ADA-8BAA-E53FCFF9C758}C:\users\gast\appdata\roaming\icq\application\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\users\gast\appdata\roaming\icq\application\icq7.2\icq.exe | 
"UDP Query User{BEEFE771-D8DC-4EBA-AFA2-3A12FBD8BD85}C:\program files (x86)\brother\brmfl07b\faxrx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl07b\faxrx.exe | 
"UDP Query User{C1820C29-D326-4241-ADEE-AC9D480CA1E8}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{E94E6F64-9F15-410E-9307-721056A868DD}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU 
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{21ee2cf4-b39a-4456-9137-345405891e36}.sdb" = Meine Ausnahmen
"{23170F69-40C1-2702-0930-000001000000}" = 7-Zip 9.30 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417040FF}" = Java 7 Update 40 (64-bit)
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi-Software
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7F2E5C3B-DBDF-469D-AD8D-F686D3B71176}" = Debugging Tools for Windows (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU 
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D86BF639-AFA1-462A-AB44-593F71A4D7E2}" = O&O SafeErase
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"Defraggler" = Defraggler
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"GIMP-2_is1" = GIMP 2.8.4
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"MediaCoder x64" = MediaCoder x64 0.8.17
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"REAPER" = REAPER (x64)
"Recuva" = Recuva
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SpeedCommander 13 (x64)" = SpeedCommander 13 (x64)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeraCopy_is1" = TeraCopy 2.27
"Unlocker" = Unlocker 1.9.0-x64
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A07E5D2-DAFB-42A9-8927-05C5F8E35F1A}" = Serif PagePlus 11
"{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}" = Microsoft Application Compatibility Toolkit 5.6
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1C943495-B69F-4D41-AE0E-23C57ECD90EE}" = Debugging Tools for Windows
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2517B7EA-6C03-4D86-A1B1-F3FE1C3BC03B}" = Radmin Viewer 3.4
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D4FEB69-2D56-42FA-9854-B47C53B398A3}_is1" = Serif PagePlus 11 - Installer
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1" = Classic Menu 3.x for Office 2007
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite MFC-7840W
"{48BCA9A6-1D2A-4E4B-BB55-F82A888CE344}" = Garmin POI Loader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55718B4B90B54F7EADC5621C750A14E6}" = DivX Author 1.5
"{5979B77A-9AE6-4E75-AED8-283C5E16C02D}_is1" = Backup Service Home 3.4.4.1
"{5B5A4F65-E053-4F25-0001-73D921B41131}" = QuickConvert Video
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AA4C799-BF98-4573-9C83-0C8E4EA46D14}" = Manual CanoScan LiDE 35
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BF1780B-36EA-432B-9451-DD84FF5C9D52}" = Radmin Server 3.1
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D3C6846-CDB6-418F-8FDB-DA21FE064F86}" = YAMAHA Musicsoft Downloader 5
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{751F6A0B-FDEC-47B6-B45D-7A1AE742A87A}" = SlimDrivers
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{96A9A1C8-FBAD-4703-ABF1-E93AA8FE85A0}_is1" = Artweaver Free 3.0
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A7595B3A-6EB9-46BA-AB80-E020963D30C3}" = AquaSoft SnapTip
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AA2E6BFE-4351-481C-A720-47CB3506570B}" = ACDSee 8
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.10.29
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AD80049E-8CB4-4794-BF58-4A2834CFD37C}" = PureSync
"{AEB61F7A-4BBA-4292-A096-7893E09034A4}" = Steuer-Spar-Erklärung 2013
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCB71FF8-DE82-469C-8641-44378F4443EB}" = Garmin WebUpdater
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU 
"{D3FD74FE-BF2C-46E3-B708-8FBF535364A1}" = tango solo
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}" = Adobe Shockwave Player 11.6
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU 
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adress Little 2.0_is1" = Adress Little 2.0
"Any Video Converter_is1" = Any Video Converter 3.0.7
"Ashampoo Burning Studio 2013_is1" = Ashampoo Burning Studio 2013 v.11.0.5
"aTube Catcher" = aTube Catcher
"Audacity_is1" = Audacity 2.0.3
"avast" = avast! Free Antivirus
"Biet-O-Matic v2.14.6" = Biet-O-Matic v2.14.6
"Clipdiary" = Clipdiary 1.4
"Clover" = Clover 3.0
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DivX Setup.divx.com" = DivX-Setup
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Corporate Edition_is1" = EVEREST Corporate Edition v5.02
"Exifer_is1" = Exifer
"FormatFactory" = FormatFactory 2.60
"Fotosizer" = Fotosizer 1.37
"Foxit Reader_is1" = Foxit Reader
"Free CD Ripper_is1" = Free CD Ripper V2.0
"Free FLV Converter_is1" = Free FLV Converter V 6.92.0
"Free Video to JPG Converter_is1" = Free Video to JPG Converter version 5.0.21.1212
"Free Word/Doc Txt to Image Jpg/Jpeg Bmp Tiff Png~F15BC2F8_is1" = Free Word/Doc Txt to Image Jpg/Jpeg Bmp Tiff Png Converter 5.6
"Free YouTube Download_is1" = Free YouTube Download version 3.0.18.1123
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FreePDF_XP" = FreePDF (Remove only)
"Glary Registry Repair_is1" = Glary Registry Repair 3.3.0.852
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"IrfanView" = IrfanView (remove only)
"KaloMa_is1" = KaloMa 4.72
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.22
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MediaCoder x64" = MediaCoder x64 0.7.3.4685
"Mozilla Firefox 24.0 (x86 de)" = Mozilla Firefox 24.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.55a
"MWSnap 3" = MWSnap 3
"No23 Recorder" = No23 Recorder
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Personal Backup 5_is1" = Personal Backup 5.4
"Prism" = Prism Videodatei-Konverter
"ProInst" = Intel PROSet Wireless
"PureSync" = PureSync 3.7.6
"Revo Uninstaller" = Revo Uninstaller 1.92
"Scribus 1.4.1" = Scribus 1.4.1
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"SopCast" = SopCast 3.5.0
"SuperMailer_is1" = SuperMailer 5.71
"System Explorer_is1" = System Explorer 3.9.0
"UltraSearch_is1" = UltraSearch V1.7.1
"Uninstall_is1" = Uninstall 1.0.0.1
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 2.1.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winmail Opener" = Winmail Opener 1.4
"WinMend Folder Hidden_is1" = WinMend Folder Hidden 1.4.1
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.72
"WOW Slider_is1" = WOW Slider
"xampp" = XAMPP 1.7.7
"Xenu's Link Sleuth" = Xenu's Link Sleuth
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AquaSoft SnapTip" = AquaSoft SnapTip
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.7.3
"Google Chrome" = Google Chrome
"PhotoFiltre 7" = PhotoFiltre 7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.10.2013 04:19:46 | Computer Name = Ingos-Laptop | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Ingo\Desktop\Trojanerboard
 Hilfen\esetsmartinstaller_enu.exe". Fehler in  Manifest- oder Richtliniendatei ""
 in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 03.10.2013 04:24:53 | Computer Name = Ingos-Laptop | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Ingo\Desktop\Trojanerboard
 Hilfen\esetsmartinstaller_enu.exe". Fehler in  Manifest- oder Richtliniendatei ""
 in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 03.10.2013 06:52:25 | Computer Name = Ingos-Laptop | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 03.10.2013 07:02:11 | Computer Name = Ingos-Laptop | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Ingo\Desktop\Trojanerboard
 Hilfen\esetsmartinstaller_enu.exe". Fehler in  Manifest- oder Richtliniendatei ""
 in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 03.10.2013 07:23:43 | Computer Name = Ingos-Laptop | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Ingo\Desktop\Wartung\Trojanerboard
 Hilfen\esetsmartinstaller_enu.exe". Fehler in  Manifest- oder Richtliniendatei ""
 in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 04.10.2013 16:14:57 | Computer Name = Ingos-Laptop | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Ingo\Desktop\Wartung\Trojanerboard
 Hilfen\esetsmartinstaller_enu.exe". Fehler in  Manifest- oder Richtliniendatei ""
 in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 05.10.2013 05:06:51 | Computer Name = Ingos-Laptop | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Ingo\Desktop\Wartung\Trojanerboard
 Hilfen\esetsmartinstaller_enu.exe". Fehler in  Manifest- oder Richtliniendatei ""
 in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 05.10.2013 11:29:53 | Computer Name = Ingos-Laptop | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Ingo\Desktop\Wartung\Trojanerboard
 Hilfen\esetsmartinstaller_enu.exe". Fehler in  Manifest- oder Richtliniendatei ""
 in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 06.10.2013 09:37:38 | Computer Name = Ingos-Laptop | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Windows-Explorer" konnte nicht heruntergefahren
 werden.
 
Error - 06.10.2013 13:30:21 | Computer Name = Ingos-Laptop | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Ingo\Desktop\Wartung\Trojanerboard
 Hilfen\esetsmartinstaller_enu.exe". Fehler in  Manifest- oder Richtliniendatei ""
 in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ Backup Service Home Events ]
Error - 06.12.2012 12:47:04 | Computer Name = Ingos-Laptop | Source = BackupServiceHome | ID = 7
Description = "G:\Personal-Backup-Ingo\LwC\Users\Ingo\Desktop\WEB\Websitebaker (WFP)\WBPortable_2.8.3_(Rev.1638)_DE
 - Version 3.6.12\htdocs\wbdemo\modules\fckeditor\fckeditor\editor\filemanager\browser\default\images\icons\cs.gif"
 wurde aufgrund Problem (Der angegebene Pfad und/oder Dateiname ist zu lang. Der
 vollständig qualifizierte Dateiname muss kürzer als 260 Zeichen und der Pfadname
 kürzer als 248 Zeichen sein.) nicht gesichert.
 
Error - 06.12.2012 12:47:04 | Computer Name = Ingos-Laptop | Source = BackupServiceHome | ID = 7
Description = "G:\Personal-Backup-Ingo\LwC\Users\Ingo\Desktop\WEB\Websitebaker (WFP)\WBPortable_2.8.3_(Rev.1638)_DE
 - Version 3.6.12\htdocs\wbdemo\modules\fckeditor\fckeditor\editor\filemanager\browser\default\images\icons\js.gif"
 wurde aufgrund Problem (Der angegebene Pfad und/oder Dateiname ist zu lang. Der
 vollständig qualifizierte Dateiname muss kürzer als 260 Zeichen und der Pfadname
 kürzer als 248 Zeichen sein.) nicht gesichert.
 
Error - 06.12.2012 12:47:05 | Computer Name = Ingos-Laptop | Source = BackupServiceHome | ID = 39
Description = "G:\Personal-Backup-Ingo\LwC\Users\Ingo\Desktop\WEB\Websitebaker (WFP)\WBPortable_2.8.3_(Rev.1638)_DE
 - Version 3.6.12\htdocs\wbdemo\temp\compiled\J-\WBPortable_2.8.3_(Rev.1638)_DE 
- Version 13.5.12\htdocs\wbdemo\modules\flex_table\htt\backend.body.htt.d17.php.gz"
 konnte nicht in die Sicherung aufgenommen werden. Die Dateiattribute konnten nicht
 ausgelesen werden (Der angegebene Pfad und/oder Dateiname ist zu lang. Der vollständig
 qualifizierte Dateiname muss kürzer als 260 Zeichen und der Pfadname kürzer als
 248 Zeichen sein.).
 
Error - 06.12.2012 12:47:05 | Computer Name = Ingos-Laptop | Source = BackupServiceHome | ID = 39
Description = "G:\Personal-Backup-Ingo\LwC\Users\Ingo\Desktop\WEB\Websitebaker (WFP)\WBPortable_2.8.3_(Rev.1638)_DE
 - Version 3.6.12\htdocs\wbdemo\temp\compiled\J-\WBPortable_2.8.3_(Rev.1638)_DE 
- Version 13.5.12\htdocs\wbdemo\modules\flex_table\htt\backend.table.edit.htt.d17.php.gz"
 konnte nicht in die Sicherung aufgenommen werden. Die Dateiattribute konnten nicht
 ausgelesen werden (Der angegebene Pfad und/oder Dateiname ist zu lang. Der vollständig
 qualifizierte Dateiname muss kürzer als 260 Zeichen und der Pfadname kürzer als
 248 Zeichen sein.).
 
Error - 06.12.2012 12:47:05 | Computer Name = Ingos-Laptop | Source = BackupServiceHome | ID = 39
Description = "G:\Personal-Backup-Ingo\LwC\Users\Ingo\Desktop\WEB\Websitebaker (WFP)\WBPortable_2.8.3_(Rev.1638)_DE
 - Version 3.6.12\htdocs\wbdemo\temp\compiled\J-\WBPortable_2.8.3_(Rev.1638)_DE 
- Version 13.5.12\htdocs\wbdemo\modules\flex_table\htt\backend.table.list.htt.d17.php.gz"
 konnte nicht in die Sicherung aufgenommen werden. Die Dateiattribute konnten nicht
 ausgelesen werden (Der angegebene Pfad und/oder Dateiname ist zu lang. Der vollständig
 qualifizierte Dateiname muss kürzer als 260 Zeichen und der Pfadname kürzer als
 248 Zeichen sein.).
 
Error - 06.12.2012 12:47:05 | Computer Name = Ingos-Laptop | Source = BackupServiceHome | ID = 39
Description = "G:\Personal-Backup-Ingo\LwC\Users\Ingo\Desktop\WEB\Websitebaker (WFP)\WBPortable_2.8.3_(Rev.1638)_DE
 - Version 3.6.12\htdocs\wbdemo\temp\compiled\J-\WBPortable_2.8.3_(Rev.1638)_DE 
- Version 15.5.12\htdocs\wbdemo\modules\flex_table\htt\1\DE\error.htt.d17.php.gz"
 konnte nicht in die Sicherung aufgenommen werden. Die Dateiattribute konnten nicht
 ausgelesen werden (Der angegebene Pfad und/oder Dateiname ist zu lang. Der vollständig
 qualifizierte Dateiname muss kürzer als 260 Zeichen und der Pfadname kürzer als
 248 Zeichen sein.).
 
Error - 06.12.2012 12:47:08 | Computer Name = Ingos-Laptop | Source = BackupServiceHome | ID = 39
Description = "G:\Personal-Backup-Ingo\LwC\Users\Ingo\Desktop\WEB\Websitebaker (WFP)\WBPortable_2.8.3_(Rev.1638)_DE
 - Version 31.5.12\htdocs\wbdemo\temp\compiled\J-\WBPortable_2.8.3_(Rev.1638)_DE
 - Version 13.5.12\htdocs\wbdemo\modules\flex_table\htt\backend.body.htt.d17.php.gz"
 konnte nicht in die Sicherung aufgenommen werden. Die Dateiattribute konnten nicht
 ausgelesen werden (Der angegebene Pfad und/oder Dateiname ist zu lang. Der vollständig
 qualifizierte Dateiname muss kürzer als 260 Zeichen und der Pfadname kürzer als
 248 Zeichen sein.).
 
Error - 06.12.2012 12:47:08 | Computer Name = Ingos-Laptop | Source = BackupServiceHome | ID = 39
Description = "G:\Personal-Backup-Ingo\LwC\Users\Ingo\Desktop\WEB\Websitebaker (WFP)\WBPortable_2.8.3_(Rev.1638)_DE
 - Version 31.5.12\htdocs\wbdemo\temp\compiled\J-\WBPortable_2.8.3_(Rev.1638)_DE
 - Version 13.5.12\htdocs\wbdemo\modules\flex_table\htt\backend.table.edit.htt.d17.php.gz"
 konnte nicht in die Sicherung aufgenommen werden. Die Dateiattribute konnten nicht
 ausgelesen werden (Der angegebene Pfad und/oder Dateiname ist zu lang. Der vollständig
 qualifizierte Dateiname muss kürzer als 260 Zeichen und der Pfadname kürzer als
 248 Zeichen sein.).
 
Error - 06.12.2012 12:47:08 | Computer Name = Ingos-Laptop | Source = BackupServiceHome | ID = 39
Description = "G:\Personal-Backup-Ingo\LwC\Users\Ingo\Desktop\WEB\Websitebaker (WFP)\WBPortable_2.8.3_(Rev.1638)_DE
 - Version 31.5.12\htdocs\wbdemo\temp\compiled\J-\WBPortable_2.8.3_(Rev.1638)_DE
 - Version 13.5.12\htdocs\wbdemo\modules\flex_table\htt\backend.table.list.htt.d17.php.gz"
 konnte nicht in die Sicherung aufgenommen werden. Die Dateiattribute konnten nicht
 ausgelesen werden (Der angegebene Pfad und/oder Dateiname ist zu lang. Der vollständig
 qualifizierte Dateiname muss kürzer als 260 Zeichen und der Pfadname kürzer als
 248 Zeichen sein.).
 
Error - 06.12.2012 12:47:08 | Computer Name = Ingos-Laptop | Source = BackupServiceHome | ID = 39
Description = "G:\Personal-Backup-Ingo\LwC\Users\Ingo\Desktop\WEB\Websitebaker (WFP)\WBPortable_2.8.3_(Rev.1638)_DE
 - Version 31.5.12\htdocs\wbdemo\temp\compiled\J-\WBPortable_2.8.3_(Rev.1638)_DE
 - Version 15.5.12\htdocs\wbdemo\modules\flex_table\htt\1\DE\error.htt.d17.php.gz"
 konnte nicht in die Sicherung aufgenommen werden. Die Dateiattribute konnten nicht
 ausgelesen werden (Der angegebene Pfad und/oder Dateiname ist zu lang. Der vollständig
 qualifizierte Dateiname muss kürzer als 260 Zeichen und der Pfadname kürzer als
 248 Zeichen sein.).
 
[ Hewlett-Packard Events ]
Error - 04.10.2010 14:07:05 | Computer Name = Ingos-Laptop | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101004080701.xml
 File not created by asset agent
 
Error - 02.01.2011 08:35:30 | Computer Name = Ingos-Laptop | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HP.ActiveSupportLibrary

   bei HP.ActiveSupportLibrary.Issues.HPSFSession.?() 
 
Error - 24.01.2011 12:23:37 | Computer Name = Ingos-Laptop | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011124052334.xml
 File not created by asset agent
 
Error - 21.03.2011 13:41:20 | Computer Name = Ingos-Laptop | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031121064116.xml
 File not created by asset agent
 
Error - 21.03.2011 13:41:23 | Computer Name = Ingos-Laptop | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031121064120.xml
 File not created by asset agent
 
Error - 21.03.2011 13:45:28 | Computer Name = Ingos-Laptop | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HP.ActiveSupportLibrary

   bei HP.ActiveSupportLibrary.Issues.HPSFSession.?() 
 
Error - 11.04.2011 11:53:02 | Computer Name = Ingos-Laptop | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041111055259.xml
 File not created by asset agent
 
[ System Events ]
Error - 04.10.2013 13:39:16 | Computer Name = Ingos-Laptop | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Search" wurde nicht richtig gestartet.
 
Error - 04.10.2013 13:43:59 | Computer Name = Ingos-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
 (Definition 1.159.1395.0)
 
Error - 05.10.2013 04:08:17 | Computer Name = Ingos-Laptop | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 05.10.2013 05:07:50 | Computer Name = Ingos-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 05.10.2013 06:49:05 | Computer Name = Ingos-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 06.10.2013 03:16:12 | Computer Name = Ingos-Laptop | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
 
< End of report >
         
--- --- ---


Danke und schöne Grüsse,
imebro

Alt 07.10.2013, 09:33   #15
schrauber
/// the machine
/// TB-Ausbilder
 

Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab - Standard

Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
O4 - Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled [2013.10.04 22:15:38 | 000,000,000 | ---D | M]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab
4d36e972-e325-11ce-bfc1-08002be10318, adw-cleaner, antivirus, appdatalow, avast, bingbar, browser, converter, cpu-z, defender, desktop, flash player, installation, internet explorer, monitor, mp3, plugin, preferences, programm, pup.optional.hdvidcodec.a, pup.optional.iminent, pup.optional.iminent.a, pup.optional.sweetim.a, registrierungsdatenbank, registry, secunia psi, security, svchost.exe, vista, windows 7 64-bit



Ähnliche Themen: Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab


  1. Firefox Neue Tabs werden als resource://jid1-g80ec8llebk5fq-at-jetpack/newtab/data/newtab.html geöffnet
    Log-Analyse und Auswertung - 10.11.2015 (13)
  2. resource://jid1-g80ec8llebk5fq-at-jetpack/newtab/data/newtab.html entfernen aus Firefox geht nicht
    Plagegeister aller Art und deren Bekämpfung - 30.09.2015 (9)
  3. Neuerdings erscheint folgende Meldung: chrome-extension://nafaimnnclfjfedmmabolbppcngeolgf/newtab/newtab-hp.html
    Plagegeister aller Art und deren Bekämpfung - 16.03.2015 (7)
  4. Quick Start NewTab Virus in Chrome
    Plagegeister aller Art und deren Bekämpfung - 18.07.2014 (24)
  5. "Lightning Newtab" entfernen
    Anleitungen, FAQs & Links - 25.06.2014 (2)
  6. "Quick Start NewTab" entfernen
    Plagegeister aller Art und deren Bekämpfung - 23.04.2014 (14)
  7. Quick Start NewTab und mehr?
    Log-Analyse und Auswertung - 31.03.2014 (22)
  8. browser.newtab.url ändert sich selbstständig auf "search.conduit.com"
    Plagegeister aller Art und deren Bekämpfung - 26.02.2014 (13)
  9. "Quick Start NewTab" entfernen
    Anleitungen, FAQs & Links - 18.02.2014 (2)
  10. Browser: Suchmaschine und "Start" / "Neuer Tab" - Seite und kurze Hintergrundprogramme
    Log-Analyse und Auswertung - 05.01.2014 (11)
  11. Windows XP Nach Installation von HP Player immer zwei Startseiten beim Öffnen von Google chrome "start.iminent.com" und "Search gol"
    Log-Analyse und Auswertung - 08.10.2013 (5)
  12. Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab"
    Plagegeister aller Art und deren Bekämpfung - 26.03.2013 (17)
  13. http://www.searchnu.com/406?tag=newtab als Startseite
    Log-Analyse und Auswertung - 13.12.2012 (15)
  14. http://www.searchnu.com/413?tag=newtab nac Inst. einiger Freeware für Filme
    Plagegeister aller Art und deren Bekämpfung - 11.08.2012 (9)
  15. Problem mit http://www.searchnu.com/413?tag=newtab
    Plagegeister aller Art und deren Bekämpfung - 20.04.2012 (1)
  16. ">"">><meta http-equiv="Refresh" content="0;url=http://askimizsonsuza.com/code/">"">
    Plagegeister aller Art und deren Bekämpfung - 04.09.2006 (4)

Zum Thema Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab - Hallo, gestern Abend wollte ich mir das Fußballspiel Dortmund : Marseille anschauen. Der Livestream startete nicht sofort... man mußte zunächst ein Programm installieren. Das habe ich getan und das war - Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab...
Archiv
Du betrachtest: Nach Installation plötzlich immer Seite "http://start.iminent.com/StartWeb/1031/newtab/Newtab.aspx" im neuen Tab auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.