|
Pests of all kinds and how to fight them: Virus! Removal of rvzr-a.akamaihd.net (Windows 7) |
09.01.2014, 21:31 | #1 |
| Virus! Removal of rvzr-a.akamaihd.net Good evening, I too have been stuck with "rvzr-a.akamaihd.net" since December. I had downloaded camera software for Foscam, and then it started. Can someone help me remove it? All attempts to do something about it myself have failed so far. It is really annoying, and as long as "rvzr-a.akamaihd.net" is active I cannot do any banking. One thing I noticed: "rvzr-a.akamaihd.net" does not much like this site either!! Regards, Jochen |
09.01.2014, 22:02 | #2 |
/// the machine /// TB Trainer | Virus! Removal of rvzr-a.akamaihd.net Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
10.01.2014, 08:15 | #3 |
| Virus! Removal of rvzr-a.akamaihd.net OK, I'll do that. I will only be back from work very late today, i.e. I cannot promise it for this evening yet, but if I do manage it, then not before about 22:00. Regards, Jochen

I have just downloaded FRST 64 and tried to start it. The result is:
---------------------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-01-2014
Ran by Ermano (administrator) on BUERO on 10-01-2014 08:07:52
Running from C:\Download\Tools\RVZ- Dings remove alle SW\FRST 64 10.01.2013
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
ATTENTION: If processes are not listed WMI should be repaired.
==================== Processes (Whitelisted) =================
-------------------------------------------------------------------------------------------------
That is probably too little; the software does not start from that directory, or not at all. What is wrong there? Now I really have to leave in a hurry..... Regards, Jochen |
10.01.2014, 14:40 | #4 |
/// the machine /// TB Trainer | Virus! Removal of rvzr-a.akamaihd.net Download FRST again and try once more. If it still will not run, then: please download OTL by Oldtimer and save it to your desktop (if you do not already have it).
Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
10.01.2014, 22:36 | #5 |
| Virus! Removal of rvzr-a.akamaihd.net Good evening, and here are the files!! I downloaded FRST 64 again, but it did not run either. --------------------------------------------------------------------------------------------- OTL EXTRAS Logfile: OTL Logfile: Code:
date 6.0_is1" = DATA BECKER web to date 6.0
"Webcam Zone Trigger" = Webcam Zone Trigger
"WFTK" = Canon Utilities WFT Utility
"Windows Updates Downloader" = Windows Updates Downloader
"WinLiveSuite" = Windows Live Essentials
"WinZip" = WinZip
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
"RadarSync PC Updater 2011" = RadarSync PC Updater 2011
"SkyDriveSetup.exe" = Microsoft SkyDrive

< End of report >

OTL Logfile:
Code:
OTL logfile created on: 10.01.2014 21:50:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ermano\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,99 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 45,06% Memory free
12,29 Gb Paging File | 9,16 Gb Available in Paging File | 74,50% Paging File free
Paging file location(s): c:\pagefile.sys 8500 14000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 154,79 Gb Free Space | 33,23% Space Free | Partition Type: NTFS

Computer Name: BUERO | User Name: Ermano | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ermano\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
PRC - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Users\Ermano\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\PROGRA~2\WinTV\TVServer\CAD1B6~1.EXE (Hauppauge Computer Works) PRC - C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE (Hauppauge Computer Works) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe (Eye-Fi, Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) 
PRC - C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.) PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Program Files (x86)\Canon\EOS Utility\WFTPairing\WFTPairing.exe (CANON INC.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Canon\EOS Utility\WFTPairing\EOSUPNPSV.exe (CANON INC.) PRC - C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe (AVM Berlin) PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) PRC - C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) 
PRC - C:\Windows\SysWOW64\WebUpdateSvc4.exe (Data Perceptions / PowerProgrammer) PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe () PRC - C:\ProgramData\U3\U3Launcher\LaunchU3.exe () PRC - C:\Program Files (x86)\SchnapperPro\TimeSync.exe (Schnapper-Software Robert Beer) PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing LP) ========== Modules (No Company Name) ========== MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\_ssl.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\wx._gdi_.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\_hashlib.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\pywintypes27.dll () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\_multiprocessing.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\wx._core_.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\wx._controls_.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\wx._windows_.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\unicodedata.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\pysqlite2._sqlite.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\windows._lib_cacheinvalidation.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\pythoncom27.dll () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\win32com.shell.shell.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\_elementtree.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\pyexpat.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\win32file.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\win32security.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\win32api.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\_ctypes.pyd 
() MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\wx._html2.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\_socket.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\win32inet.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\win32process.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\win32pdh.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\win32pipe.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\win32ts.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\win32event.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\win32profile.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\select.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\wx._misc_.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\wx._wizard.pyd () MOD - C:\Users\Ermano\AppData\Local\Temp\_MEI25642\win32crypt.pyd () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\3bc7ec22c021d74dce4f8230f3631fca\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\639f444db9491d25b5d158531e1f7d9b\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\034c34ee777c7a2efc9c631b1179211c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a2eb039301af47660eebc7566ce02b9c\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b9fe579783a35b57dd7e69375f35e239\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4e69f1e7d86d79012db2d7e0dadc8880\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f56d5786274992934de0c900431c447\System.Configuration.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef90aeb894485d14b249d102309b6df3\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e1d6482355cf83afab1904ee0cd72168\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6229267850cd8058e6c9d34006d039f8\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6b3be3ca03fcac86340195d721d4dd2d\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f5cff49f1a827754ae2ba6d951b12a07\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\4802a2f7b7a69969a7cec274030aa373\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL () MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll () MOD - C:\Program Files (x86)\Eye-Fi\Helper\Locales\de\Helper.dll () MOD - C:\Program Files (x86)\Eye-Fi\Helper\libexif.dll () MOD - C:\Program Files (x86)\Eye-Fi\Helper\libopenraw.dll () MOD - 
C:\PROGRA~2\MICROS~2\Office12\ADDINS\UMOUTL~1.DLL () MOD - C:\PROGRA~2\MICROS~2\Office12\OUTLCTL.DLL () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.deu () MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA () MOD - C:\PROGRA~2\MICROS~2\Office12\ADDINS\COLLEA~1.DLL () MOD - C:\ProgramData\U3\U3Launcher\LaunchU3.exe () ========== Services (SafeList) ========== SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company) SRV:64bit: - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION) SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation) SRV:64bit: - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.) SRV:64bit: - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (APNMCP) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (rpcnet) -- C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.) SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (HauppaugeTVServer) -- C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE (Hauppauge Computer Works) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) 
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) SRV - (WebUpdate4) -- C:\Windows\SysWOW64\WebUpdateSvc4.exe (Data Perceptions / PowerProgrammer) SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (NasPmService) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe () SRV - (SchnapperPro-TimeSync) -- C:\Program Files (x86)\SchnapperPro\TimeSync.exe (Schnapper-Software Robert Beer) SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (hcw95rc) -- C:\Windows\SysNative\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hcw95bda) -- C:\Windows\SysNative\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (vmm) -- C:\Windows\SysNative\Treiber\VMM.sys (Microsoft Corporation) DRV:64bit: - (NETwLv64) -- C:\Windows\SysNative\drivers\NETwLv64.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\CPQBTTN.sys (Hewlett-Packard Company) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (tdrpman139) -- C:\Windows\SysNative\drivers\tdrpm139.sys (Acronis) DRV:64bit: - (snapman380) -- C:\Windows\SysNative\drivers\snman380.sys (Acronis) DRV:64bit: - (AgereSoftModem) -- 
C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation) DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (dlkmd) -- C:\Windows\SysNative\drivers\dlkmd.sys (DisplayLink Corp.) DRV:64bit: - (dlkmdldr) -- C:\Windows\SysNative\drivers\dlkmdldr.sys (DisplayLink Corp.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) 
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL 
= about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{BD597A9D-DA6F-47AF-A3A4-164A05B6D384}: "URL" = hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll () FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Ermano\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00F0643E-B367-4779-B45D-7046EBA37A88}: C:\Program Files (x86)\Steganos Privacy Suite 11\spmplugin3 FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{09F060FA-566D-42D7-BF79-97AB30863433}: C:\Program Files (x86)\Steganos Privacy Suite 11\pfplugin FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.11.30 19:43:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.11.25 19:35:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.12.21 19:45:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.12.21 19:45:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox [2011.10.11 19:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ermano\AppData\Roaming\mozilla\Extensions [2011.01.26 12:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ermano\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2014.01.08 18:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ermano\AppData\Roaming\mozilla\Firefox\Profiles\w3au1tlg.default\extensions [2013.12.23 12:30:30 | 000,000,000 | ---D | M] (DownloadHelper) -- 
C:\Users\Ermano\AppData\Roaming\mozilla\Firefox\Profiles\w3au1tlg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.08.17 11:24:28 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Ermano\AppData\Roaming\mozilla\firefox\profiles\w3au1tlg.default\extensions\adblockpopups@jessehakanen.net.xpi [2013.12.21 19:45:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.12.21 19:45:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.12.21 19:45:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.12.21 19:45:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.12.21 19:45:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.12.21 19:45:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011.01.15 12:36:05 | 000,001,456 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober80871292.xml ========== Chrome ========== CHR - default_search_provider: Conduit Search (Enabled) CHR - default_search_provider: search_url = hxxp://search.conduit.com/Results.aspx?ctid=CT3318155&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9E7D2062-202C-4244-91D0-182BCFA9463D&q={searchTerms}&SSPV= CHR - default_search_provider: suggest_url = hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}, CHR - homepage: hxxp://google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client 
(Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Ermano\AppData\Roaming\Mozilla\plugins\np-mswmp.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files 
(x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll CHR - plugin: Windows Live0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\Ermano\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll CHR - plugin: Java Deployment Toolkit 6.0.390.4 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll CHR - Extension: Google Docs = C:\Users\Ermano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Ermano\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Ermano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Ermano\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Plus-HD-2.4 = C:\Users\Ermano\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmbfiljpkaijkdifoaacbpallpfkkf\1.26.102_0\crossrider CHR - Extension: Plus-HD-2.4 = C:\Users\Ermano\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmbfiljpkaijkdifoaacbpallpfkkf\1.26.102_0\ CHR - Extension: Speed Test 127 = C:\Users\Ermano\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0_1\ CHR - Extension: Google Wallet = C:\Users\Ermano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\ CHR - Extension: Google Mail = C:\Users\Ermano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2011.07.06 21:47:01 | 000,436,437 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 15015 more lines... O2:64bit: - BHO: (Speed Test 127) - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files (x86)\Speed Test 127\ScriptHost64.dll (BestOffers) O2:64bit: - BHO: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) 
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Speed Test 127) - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files (x86)\Speed Test 127\ScriptHost.dll (BestOffers) O2 - BHO: (no name) - {41564952-412D-5637-00A7-7A786E7484D7} - No CLSID value found. O2 - BHO: (no name) - {5263b5d9-3a68-6849-6f0e-60be83929f6c} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (no name) - {84B94901-3645-4D80-A6B7-4D0050B19455} - No CLSID value found. O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No CLSID value found. O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SplitButtonBHO Class) - {C0C86BBE-9509-4296-8459-FDBFDAF4B673} - C:\Program Files (x86)\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin) O2 - BHO: (no name) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - No CLSID value found. O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. 
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (no name) - {41564952-412D-5637-00A7-7A786E7484D7} - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMFBoxMonitor] C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe (AVM Berlin) O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) 
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [EPSON PX830 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHOE.EXE /FU "C:\Users\Ermano\AppData\Local\Temp\E_S2933.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [Epson Stylus Photo PX830(Netzwerk) (1 kopieren)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHOE.EXE /FU "C:\Users\Ermano\AppData\Local\Temp\E_S29BF.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [Eye-Fi] C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe (Eye-Fi, Inc.) O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [SkyDrive] C:\Users\Ermano\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - Startup: C:\Users\Ermano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk = File not found O4 - Startup: C:\Users\Ermano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WFTPairing.lnk = C:\Program Files (x86)\Canon\EOS Utility\WFTPairing\WFTPairing.exe (CANON INC.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = 1 O8:64bit: - Extra context menu item: An SchnapperPro senden - hxxp://www.sniper-tool.de/SchnapperPro/IE-MenuExt.html File not found O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Mit FRITZ!Box Anrufen - C:\Program Files (x86)\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: An SchnapperPro senden - hxxp://www.sniper-tool.de/SchnapperPro/IE-MenuExt.html File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Mit FRITZ!Box Anrufen - C:\Program Files (x86)\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: SchnapperPro - {D6243B39-211B-440E-B4C5-26D2A579CAC8} - Reg Error: Key error. 
File not found O9 - Extra Button: FRITZ!Box AddOn - {328ECD19-C167-40eb-A0C7-16FE7634105F} - C:\Program Files (x86)\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: SchnapperPro - {D6243B39-211B-440E-B4C5-26D2A579CAC8} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. 
KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {3746422E-4692-4429-9698-E3EB34FE07BC} hxxp://192.168.178.30:88/FSIPCam.cab (ocxIPcam Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4C3AF30-B20B-48BB-AD73-96058D08C83A}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.03.20 16:42:25 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.11.29 14:33:11 | 000,000,000 | ---D | M] - C:\autosave -- [ NTFS ] O33 - MountPoints2\{887a54df-0f43-11df-b412-404e57434401}\Shell - "" = AutoRun O33 - MountPoints2\{887a54df-0f43-11df-b412-404e57434401}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{c6617742-2989-11e1-a1ff-001cc4c89a5b}\Shell - "" = AutoRun O33 - MountPoints2\{c6617742-2989-11e1-a1ff-001cc4c89a5b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{c7b30aaa-4658-11e0-a999-001cc4c89a5b}\Shell - "" = AutoRun O33 - MountPoints2\{c7b30aaa-4658-11e0-a999-001cc4c89a5b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014.01.10 18:10:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ermano\Desktop\OTL.exe [2014.01.09 20:47:34 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014.01.08 14:49:10 | 000,000,000 | ---D | C] -- C:\Users\Ermano\AppData\Roaming\speedtest4354 [2014.01.08 14:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Speed Test 127 [2014.01.08 14:48:49 | 000,000,000 | ---D | C] -- C:\Users\Ermano\AppData\Roaming\freegames111 [2014.01.08 09:00:42 | 
000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2014.01.08 09:00:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014.01.08 09:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2014.01.06 16:43:01 | 000,000,000 | ---D | C] -- C:\Windows\Migration [2013.12.30 12:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Mobiscope [2013.12.30 12:37:16 | 000,000,000 | ---D | C] -- C:\Users\Ermano\Documents\WebcamZoneTrigger [2013.12.30 12:37:16 | 000,000,000 | ---D | C] -- C:\Users\Ermano\AppData\Roaming\WebcamZoneTrigger [2013.12.30 12:37:07 | 000,000,000 | ---D | C] -- C:\Users\Ermano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webcam Zone Trigger [2013.12.30 12:37:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webcam Zone Trigger [2013.12.26 13:38:42 | 007,123,640 | ---- | C] (FreeDownloadManager.ORG ) -- C:\fdminst.exe [2013.12.25 13:13:15 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2013.12.25 13:13:14 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2013.12.25 13:13:14 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2013.12.25 13:13:13 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2013.12.25 13:10:15 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.12.25 13:10:15 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.12.25 13:10:14 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.12.25 13:10:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.12.25 13:10:14 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.12.25 13:10:14 | 000,071,680 | ---- | C] (Microsoft 
|
11.01.2014, 15:16 | #6 |
/// the machine /// TB-Ausbilder | Virus! Removal of rvzr-a.akamaihd.net Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh OTL log, please. |
11.01.2014, 22:53 | #7 |
| Virus! Removal of rvzr-a.akamaihd.net So, I have the first one done already. I'll do the other 2 tasks afterwards.
Regards, Jochen

Good evening, here is the log from AdwCleaner. The cleaner only ran very briefly, though; is that normal?
After your reply I'll do part 3. By the way, the virus is still active.
Regards, Jochen

I ended up running it right away after all; here is the file.
The virus is still there; it seems to be stubborn, or did I do something wrong?
Regards, Jochen |
12.01.2014, 09:14 | #8 |
/// the machine /// TB-Ausbilder | Virus! Removal of rvzr-a.akamaihd.net In which browser?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
13.01.2014, 20:10 | #9 |
| Virus! Removal of rvzr-a.akamaihd.net Hello, in Google Chrome. Firefox might be clean.
Regards, Jochen

Hello Schrauber, I have now had time to test. At the moment only Google Chrome is affected!
Regards, Jochen

Good morning Schrauber, the virus is still there and is already annoying me again. Should I repeat the procedure?
Regards, Jochen

Oh yes, the FRST64 program still doesn't run either; it aborts with an error message.
Regards, Jochen |
14.01.2014, 10:18 | #10 | |
/// the machine /// TB-Ausbilder | Virus! Removal of rvzr-a.akamaihd.net Quote: |
14.01.2014, 12:35 | #11 |
| Virus! Removal of rvzr-a.akamaihd.net Good day Schrauber, I just tested once more: still present in Chrome, apparently no longer in Firefox (or it is just quiet right now). But the FRST 64 software, as described, does not run and aborts immediately.
Regards, Jochen |
15.01.2014, 09:19 | #12 |
/// the machine /// TB-Ausbilder | Virus! Removal of rvzr-a.akamaihd.net Download FRST again and try once more; something was changed there. |
15.01.2014, 18:21 | #13 |
| Virus! Removal of rvzr-a.akamaihd.net At the moment only in Chrome, but there it is seriously annoying. On every field I click on the board, it opens a new window...
Regards (annoyed), Jochen

Nothing works with FRST 64, absolutely nothing! I slowly need to get moving here; apart from reinstalling the system, is there another plan? Apparently none of the repair tools work, or am I seeing that wrong? What did the others do that I did not do? This virus has been dealt with here many times already. Or should I repeat the whole procedure once more? That achieves nothing but a waste of time.
Regards, Jochen |
16.01.2014, 09:21 | #14 | |
/// the machine /// TB-Ausbilder | Virus! Removal of rvzr-a.akamaihd.net Quote:
Before you repair a browser, the cause has to come off first. That has now been done. Chrome is simply rubbish; after removing the adware only one thing helps: Revo Uninstaller - Download - Filepony. Use it to uninstall Chrome, keep no data, let it remove the leftovers, and reinstall. If you sign in to Chrome with a Google account, we get the next bit of fun right away: the adware is then stored in the account as well and keeps getting synchronized back into Chrome. |
19.01.2014, 12:47 | #15 |
| Virus! Removal of rvzr-a.akamaihd.net Thank you, thank you, I have just thrown out the Chrome sh... with the tool and reinstalled it. I have not connected to the account yet; I want to wait and see how things develop first. I also want to take care of a few matters that have led to payment reminders. Only once I have everything more or less under control will I try to connect to the account, and then we will see what happens. I will post the result in any case. Thanks once again; that was a moderately difficult birth, for me at least.
A relieved greeting, Jochen |
Topics on Virus! Removal of rvzr-a.akamaihd.net |
pup.optional.conduit, pup.optional.conduit.a, pup.optional.freegames.a, pup.optional.installbrain, pup.optional.searchprotect.a, pup.optional.speedanalysis.a, pup.optional.speedtest.a, trojan.agent.ed |