Pests of all kinds and how to combat them: PC opened the website h**p://98uj8.de/s3brsn5ba66mgfzeinrum#ad on its own (Windows 7)
18.06.2014, 23:01 | #1 |
PC opened the website h**p://98uj8.de/s3brsn5ba66mgfzeinrum#ad on its own

Good evening everyone,

this evening my PC opened the website "h**p://98uj8.de/s3brsn5ba66mgfzeinrum#ad" on its own, then "watch4.de" about 50 times, and finally "h**p://98uj8.de/r?u=CSAJFB4fIwMAUycLJQA3BTYFHHkvKQonCA8wAQgrJAopEyQMDVM7XSsZDFA3UzFRPzcQECAzYQcBGD4WIQxMJRBSHWM5CBAlBTU9ByMiWQc1JHRXIzIOJygiETE%3D#noad" once more. Unfortunately this happened within a period of about 20 minutes during which I was not at the PC. Afterwards I briefly googled it and came across your forum. Following your instructions, I scanned my computer with FRST and GMER. With the second one, however, there were problems: the log file could not be saved, and the computer responded only extremely slowly and then not at all, so that I had to force it to shut down.

The log files from Avira and FRST were supposed to follow here, but that made the text too long, so for now I have left out the files from my antivirus program, since at first glance no problems were visible there. The log files from FRST follow:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-06-2014 Ran by Nino (administrator) on NINO-PC on 18-06-2014 19:41:08 Running from C:\Users\Nino\Downloads Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 7 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe () C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) 
C:\Acer\Empowering Technology\eNet\eNet Service.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe () C:\Program Files\ICQ6Toolbar\ICQ Service.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (National Instruments, Inc.) C:\Windows\System32\lkcitdl.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (National Instruments Corporation) C:\Windows\System32\lkads.exe (National Instruments Corporation) C:\Windows\System32\lktsrv.exe () C:\Acer\Mobility Center\MobilityService.exe (National Instruments Corporation) C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corp.) C:\Windows\System32\nisvcloc.exe (Realtek Semiconductor Corp.) C:\Users\Nino\AppData\Local\Temp\RtkBtMnt.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe () C:\Program Files\Join Air\AssistantServices.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe (acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (National Instruments) C:\Program Files\National Instruments\Shared\Update Service\BackgroundService.exe () C:\Program Files\Join Air\UIExec.exe (shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe (Microsoft Corporation) C:\Windows\System32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation) HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-07] (Synaptics, Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4853760 2008-01-08] (Realtek Semiconductor) HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [521776 2008-01-03] (Egis Incorporated) HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated) HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2008-01-08] (Dritek System Inc.) 
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.) HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1089536 2008-02-19] (Brother Industries, Ltd.) HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.) HKLM\...\Run: [NI Background Service] => C:\Program Files\National Instruments\Shared\Update Service\BackgroundService.exe [77824 2008-04-03] (National Instruments) HKLM\...\Run: [UIExec] => C:\Program Files\Join Air\UIExec.exe [132608 2009-08-31] () HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-21] (Realtek Semiconductor Corp.) HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-03] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-4257226603-2756161322-550577746-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-4257226603-2756161322-550577746-1003\...\Run: [SpybotSD TeaTimer] => C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [1833296 2008-09-16] (Safer Networking Limited) HKU\S-1-5-21-4257226603-2756161322-550577746-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-4257226603-2756161322-550577746-1003\...\Run: [Google Update] => C:\Users\Nino\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-18] (Google Inc.) 
HKU\S-1-5-21-4257226603-2756161322-550577746-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com URLSearchHook: ATTENTION ==> Default URLSearchHook is missing. URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1700389 SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1700389 SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=6F&apn_dtid=YYYYYYYYDE&apn_uid=2c4efcc8-6a06-4267-a62d-7daba39e5acf&apn_sauid=3AA3459A-8D2D-417E-A921-8A9ECBA763AB SearchScopes: HKCU - {12520993-F63A-465C-92EF-EA73A3ACE58F} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=6F&apn_dtid=YYYYYYYYDE&apn_uid=2c4efcc8-6a06-4267-a62d-7daba39e5acf&apn_sauid=3AA3459A-8D2D-417E-A921-8A9ECBA763AB SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1700389 SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.) BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) 
Toolbar: HKLM - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_05-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_05-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 217.68.161.141 217.68.161.171 FireFox: ======== FF ProfilePath: C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: Google FF Homepage: https://www.google.de/ FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&q= FF NetworkProxy: "backup.ftp", "" FF NetworkProxy: "backup.ftp_port", 0 FF NetworkProxy: "backup.socks", "" FF NetworkProxy: "backup.socks_port", 0 FF NetworkProxy: "backup.ssl", "" FF NetworkProxy: "backup.ssl_port", 0 FF NetworkProxy: "ftp", "proxy.htwk-leipzig.de" FF NetworkProxy: "ftp_port", 3128 FF NetworkProxy: "gopher", "" FF NetworkProxy: "gopher_port", 0 FF NetworkProxy: "http", "proxy.htwk-leipzig.de" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "proxy.htwk-leipzig.de" FF NetworkProxy: "socks_port", 3128 FF NetworkProxy: "ssl", "proxy.htwk-leipzig.de" FF NetworkProxy: "ssl_port", 3128 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin: @adobe.com/ShockwavePlayer 
- C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Nino\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Nino\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Nino\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Nino\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF user.js: detected! 
=> C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPLV82Win32.dll (National Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nplv85win32.dll (National Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Nino\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Nino\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\askcom.xml FF SearchPlugin: C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\conduit.xml FF SearchPlugin: C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\icqplugin-1.xml FF SearchPlugin: C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\icqplugin-2.xml FF SearchPlugin: C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\icqplugin-3.xml FF SearchPlugin: C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\icqplugin.xml FF SearchPlugin: C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\znout-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla 
firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: YouTube Unblocker - C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\youtubeunblocker@unblocker.yt [2014-04-18] FF Extension: Free Hide IP - C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\support@free-hideip.com.xpi [2012-09-03] FF Extension: {572ae458-3f7c-4678-aa10-b22b5979d2c1} - C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\{572ae458-3f7c-4678-aa10-b22b5979d2c1}.xpi [2013-10-30] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20] FF Extension: Adblock Plus - C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-24] FF Extension: Unity Web Player Wizard Light - C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\{e5a64d20-3633-48ca-823e-6de40a412f20}.xpi [2013-11-05] FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2014-06-11] FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-25] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-03] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG) R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] () R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624 2009-08-23] (Cisco Systems, Inc.) R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [506416 2008-01-03] (Egis Incorporated) R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed] R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed] R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed] R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2011-07-27] (Flexera Software, Inc.) R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-06-04] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-06-04] (Hewlett-Packard Co.) [File not signed] R2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [222456 2008-06-10] () R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed] R2 LkCitadelServer; C:\Windows\system32\lkcitdl.exe [695136 2007-11-27] (National Instruments, Inc.) 
R2 lkClassAds; C:\Windows\system32\lkads.exe [40488 2007-11-27] (National Instruments Corporation) R2 lkTimeSync; C:\Windows\system32\lktsrv.exe [50736 2007-11-27] (National Instruments Corporation) R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () [File not signed] S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed] R2 NIDomainService; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [213552 2007-11-27] (National Instruments Corporation) S4 NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1007616 2007-01-29] (Macrovision Corporation) [File not signed] R2 niSvcLoc; C:\Windows\system32\nisvcloc.exe [48704 2007-07-19] (National Instruments Corp.) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed] S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [575488 2008-08-07] (Nokia.) [File not signed] S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361728 2008-09-19] (TuneUp Software GmbH) R2 UI Assistant Service; C:\Program Files\Join Air\AssistantServices.exe [241664 2009-08-31] () [File not signed] R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer) [File not signed] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. 
KG) R2 cvintdrv; C:\Windows\system32\Drivers\cvintdrv.sys [4096 2007-10-23] () [File not signed] S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2009-08-23] (Cisco Systems, Inc.) [File not signed] R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-27] (NewTech Infosystems, Inc.) [File not signed] R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-06-06] (Windows (R) Codename Longhorn DDK provider) S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-07] (Windows (R) Codename Longhorn DDK provider) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-18 19:41 - 2014-06-18 19:46 - 00025365 _____ () C:\Users\Nino\Downloads\FRST.txt 2014-06-18 19:34 - 2014-06-18 19:41 - 00000000 ____D () C:\FRST 2014-06-18 19:27 - 2014-06-18 19:27 - 01072640 _____ (Farbar) C:\Users\Nino\Downloads\FRST.exe 2014-06-12 20:49 - 2014-06-12 20:49 - 00000000 ____D () C:\Users\Nino\AppData\Local\Adobe 2014-06-12 18:12 - 2014-05-06 06:46 - 03630592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-12 18:12 - 2014-05-06 06:46 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-12 18:12 - 2014-05-06 06:46 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-12 18:12 - 2014-05-06 06:46 - 00671744 _____ (Microsoft Corporation) 
C:\Windows\system32\mstime.dll 2014-06-12 18:12 - 2014-05-06 06:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-12 18:12 - 2014-05-06 06:46 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-12 18:12 - 2014-05-06 06:46 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-06-12 18:12 - 2014-05-06 06:45 - 06119424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-12 18:12 - 2014-05-06 06:45 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-12 18:12 - 2014-05-06 06:45 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-12 18:12 - 2014-05-06 06:45 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-06-12 18:12 - 2014-05-06 06:45 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-12 18:12 - 2014-05-06 06:45 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-12 18:12 - 2014-05-06 06:45 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2014-06-12 18:12 - 2014-05-06 05:16 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-06-12 18:12 - 2014-05-06 05:07 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-12 18:12 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-12 18:12 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-12 18:12 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-12 18:12 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-11 18:44 - 2014-06-11 18:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-31 10:06 - 2014-05-31 10:06 - 00000000 ____D () C:\Program Files\Common Files\Skype ==================== One Month Modified Files and 
Folders =======

2014-06-18 19:46 - 2014-06-18 19:41 - 00025365 _____ () C:\Users\Nino\Downloads\FRST.txt
2014-06-18 19:46 - 2008-09-19 18:16 - 00000000 ____D () C:\Users\Nino\AppData\Local\Temp
2014-06-18 19:45 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-18 19:45 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-18 19:43 - 2014-03-23 19:19 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257226603-2756161322-550577746-1003UA.job
2014-06-18 19:42 - 2011-12-18 20:26 - 00000000 ____D () C:\Users\Nino\AppData\Roaming\Skype
2014-06-18 19:42 - 2008-11-19 10:47 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{CFFA0713-7CE4-4E47-A2F3-3D61073123BF}.job
2014-06-18 19:41 - 2014-06-18 19:34 - 00000000 ____D () C:\FRST
2014-06-18 19:27 - 2014-06-18 19:27 - 01072640 _____ (Farbar) C:\Users\Nino\Downloads\FRST.exe
2014-06-18 19:24 - 2010-01-06 22:56 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-18 19:13 - 2012-04-06 22:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-18 19:00 - 2008-09-19 22:45 - 00000498 _____ () C:\Windows\Tasks\1-Klick-Wartung.job
2014-06-18 18:42 - 2014-03-23 19:19 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257226603-2756161322-550577746-1003Core.job
2014-06-18 18:06 - 2008-07-26 04:54 - 01113577 _____ () C:\Windows\WindowsUpdate.log
2014-06-18 17:45 - 2010-01-06 22:56 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-18 17:45 - 2009-10-17 18:30 - 21921214 _____ () C:\Windows\PFRO.log
2014-06-18 17:45 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-17 23:02 - 2008-07-26 04:56 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-06-17 23:02 - 2006-11-02 15:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-14 14:38 - 2009-03-24 21:20 - 00001022 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-06-13 17:17 - 2009-10-19 10:37 - 00000000 ____D () C:\Users\Nino\Documents\Privat
2014-06-12 20:49 - 2014-06-12 20:49 - 00000000 ____D () C:\Users\Nino\AppData\Local\Adobe
2014-06-12 19:00 - 2012-04-06 22:53 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-12 19:00 - 2011-05-20 21:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-12 18:51 - 2012-04-26 14:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-12 18:31 - 2008-03-27 22:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 18:29 - 2013-08-14 11:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 18:26 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-12 17:56 - 2014-04-09 17:49 - 00000000 ____D () C:\Users\Nino\Documents\Arbeit
2014-06-12 17:53 - 2006-11-02 12:33 - 01715048 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-11 18:44 - 2014-06-11 18:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-09 13:38 - 2008-09-19 22:46 - 00000000 ____D () C:\Users\Nino\AppData\Roaming\Mozilla
2014-06-09 13:26 - 2011-07-26 21:46 - 00000000 ____D () C:\Users\Nino\AppData\Local\FreePDF_XP
2014-06-09 13:18 - 2008-09-19 23:03 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-09 13:17 - 2014-04-18 20:24 - 00010406 _____ () C:\Users\Nino\Desktop\Meine Schulden.xlsx
2014-06-03 18:01 - 2012-12-18 11:19 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-03 18:01 - 2012-12-18 11:19 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-02 19:01 - 2013-11-26 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-06-02 19:01 - 2011-01-01 17:26 - 00000000 ____D () C:\ProgramData\DivX
2014-06-02 19:00 - 2011-01-01 17:27 - 00000000 ____D () C:\Program Files\DivX
2014-05-31 10:06 - 2014-05-31 10:06 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-31 10:06 - 2014-03-03 08:11 - 00000000 ___RD () C:\Program Files\Skype
2014-05-31 10:06 - 2011-12-18 20:26 - 00000000 ____D () C:\ProgramData\Skype
2014-05-31 10:05 - 2011-02-24 11:39 - 00000680 _____ () C:\Users\Nino\AppData\Local\d3d9caps.dat

Files to move or delete:
====================
C:\Users\Nino\CTX.DAT

Some content of TEMP:
====================
C:\Users\Nino\AppData\Local\Temp\avgnt.exe
C:\Users\Nino\AppData\Local\Temp\RtkBtMnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-18 17:57

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:16-06-2014
Ran by Nino at 2014-06-18 19:46:52
Running from C:\Users\Nino\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4302 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4303 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4310 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4300 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.4301 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 2.11.20071207 - Acer Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}) (Version: 9.0.16.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
AIO_Scan (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - )
Amazon MP3-Downloader 1.0.9 (HKLM\...\Amazon MP3-Downloader) (Version: - )
AutoCAD Mechanical 2012 (HKLM\...\AutoCAD Mechanical 2012) (Version: 16.0.49.0 - Autodesk)
AutoCAD Mechanical 2012 (Version: 16.0.49.0 - Autodesk) Hidden
AutoCAD Mechanical 2012 Language Pack - Deutsch (Version: 16.0.49.0 - Autodesk) Hidden
Autodesk Content Service (HKLM\...\{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}) (Version: 2.0.90 - Autodesk)
Autodesk Design Review 2008 (HKLM\...\{FCF3DFF4-CB33-4343-9878-DEEC6D131DF8}) (Version: 4.0.0 - Autodesk, Inc.)
Autodesk Design Review 2010 (HKLM\...\Autodesk Design Review 2010) (Version: 10.0.0.108 - Autodesk, Inc.)
Autodesk Design Review 2010 (Version: 10.0.0.108 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2012 (HKLM\...\Autodesk Inventor Fusion 2012) (Version: 1.0.0.79 - Autodesk, Inc.)
Autodesk Inventor Fusion 2012 (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (HKLM\...\Autodesk Inventor Fusion Plugin for AutoCAD 2012) (Version: 0.0.1.138 - Autodesk)
Autodesk Inventor Fusion Plugin for AutoCAD 2012 (Version: 0.0.1.138 - Autodesk) Hidden
Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2012 (Version: 0.0.1.138 - Autodesk) Hidden
Autodesk Material Library 2012 (HKLM\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (HKLM\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
Autodesk Navisworks 2012 2004-6 DWG File Reader Runtimes (HKLM\...\{8C3B5851-5A51-4FF6-A3C8-3422EE2D0109}) (Version: 1.0.0 - Autodesk)
Autodesk Navisworks 2012 32 bit Exporter Plug-ins (HKLM\...\Autodesk Navisworks 2012 32 bit Exporter Plug-ins) (Version: 9.0.69.686 - Autodesk)
Autodesk Navisworks 2012 32 bit Exporter Plug-ins (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks 2012 32 bit Exporter Plug-ins Language Pack (Deutsch) (HKLM\...\{5EDF1B95-251E-0407-8232-38B90D666EE2}) (Version: 9.0.69.324 - Autodesk)
Autodesk Navisworks Freedom 2012 (HKLM\...\Autodesk Navisworks Freedom 2012) (Version: 9.0.69.686 - Autodesk)
Autodesk Navisworks Freedom 2012 (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Freedom 2012 Language Pack (Deutsch) (HKLM\...\{4C5EBB8E-FE25-0407-ABF9-653822766EF5}) (Version: 9.0.69.324 - Autodesk)
Autodesk Navisworks Manage 2012 - 2004 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2005 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2006 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2007 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2008 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2009 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2010 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2011 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2012 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 (HKLM\...\Autodesk Navisworks Manage 2012) (Version: 9.0.69.686 - Autodesk)
Autodesk Navisworks Manage 2012 (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 Language Pack (Deutsch) (HKLM\...\{55533772-CCA4-0407-9D08-4BF031E3EE32}) (Version: 9.0.69.324 - Autodesk)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.672 - Avira)
Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.50.08 - Broadcom Corporation)
Brother MFL-Pro Suite DCP-145C (HKLM\...\{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Cisco Systems VPN Client 5.0.06.0110 (HKLM\...\{08B785C1-3893-4154-B53B-F5D341D0AAAA}) (Version: 5.0.6 - Cisco Systems, Inc.)
Classic Menu 3.x for Office 2007 (HKLM\...\{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1) (Version: - Addintools)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM\...\Dev-C++) (Version: - )
DeviceDiscovery (Version: 90.0.205.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)
DJ_AIO_ProductContext (Version: 90.0.236.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (Version: 90.0.222.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Driver Detective (HKLM\...\{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}) (Version: 7.0.0 - PC Drivers HeadQuarters)
Dropbox (HKCU\...\Dropbox) (Version: 1.2.51 - Dropbox, Inc.)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
F4100 (Version: 90.0.222.000 - Hewlett-Packard) Hidden
F4100_doccd (Version: 90.0.222.000 - Hewlett-Packard) Hidden
F4100_Help (Version: 90.0.222.000 - Hewlett-Packard) Hidden
FARO LS 1.1.406.58 (HKLM\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Free YouTube to MP3 Converter version 3.11.35.1031 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.35.1031 - DVDVideoSoft Ltd.)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - )
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version: - )
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
HI-TECH C51-lite V9.60PL0 (HKLM\...\HC51 9.60PL0) (Version: 9.60 - HI-TECH Software)
HI-TECH PICC lite V9.60PL0 (HKLM\...\PICC 9.60PL0) (Version: 9.60 - HI-TECH Software)
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP Deskjet All-In-One Software 9.0 (HKLM\...\{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}) (Version: 9.0 - HP)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden
HP Smart Web Printing (HKLM\...\{415CDA53-9100-476F-A7B2-476691E117C7}) (Version: 2.15.7.0 - Ihr Firmenname)
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Update (HKLM\...\{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}) (Version: 4.000.006.003 - Hewlett-Packard)
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Ihr Firmenname)
ICQ Toolbar (HKLM\...\ICQToolbar) (Version: 3.0.0 - ICQ)
ICQ7.4 (HKLM\...\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}) (Version: 7.4 - ICQ)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
ITI SimulationX 3.4 (HKLM\...\ITI SimulationX 3.4) (Version: 3.4.404.55 - ITI GmbH)
ITI SimulationX 3.4 (Version: 3.4.404.55 - ITI GmbH) Hidden
Japanese Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Java 2 Runtime Environment, SE v1.4.2_05 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142050}) (Version: 1.4.2_05 - Sun Microsystems, Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Join Air (HKLM\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)
Launch Manager (HKLM\...\LManager) (Version: - )
LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
McAfee Security Scan (HKLM\...\McAfee Security Scan) (Version: - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft WSE 3.0 (HKLM\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
National Instruments-Software (HKLM\...\NI Uninstaller) (Version: - National Instruments)
NI Circuit Design Suite 10.1 Core (Version: 10.1.197 - National Instruments) Hidden
NI Circuit Design Suite 10.1 Edu Licenses (Version: 10.1.197 - National Instruments) Hidden
NI Circuit Design Suite 10.1 Education (Version: 10.1.197 - National Instruments) Hidden
NI DN 2.0 installer (Version: 2.00.49154 - National Instruments) Hidden
NI EULA Depot (Version: 2.51.88 - National Instruments) Hidden
NI Help Assistant (Version: 1.0.10 - National Instruments) Hidden
NI LabVIEW Real-Time FIFO for Runtime (Version: 8.2.74.0 - National Instruments) Hidden
NI LabVIEW Real-Time FIFO for Runtime (Version: 8.5.264.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 8.2.1 (Version: 8.2.379.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 8.5.1 (Version: 8.5.306.0 - National Instruments) Hidden
NI LabWindows/CVI 8.1.1 Run-Time Engine (Version: 8.1.1361 - National Instruments) Hidden
NI License Manager (Version: 3.2.1026 - National Instruments) Hidden
NI Logos 4.9.1 (Version: 4.9.105.0 - National Instruments) Hidden
NI Logos XT Support (Version: 4.9.44.0 - National Instruments) Hidden
NI Math Kernel Libraries (Version: 1.0.861.0 - National Instruments) Hidden
NI MDF Support (Version: 2.51.88 - National Instruments) Hidden
NI MetaSuite Installer (Version: 2.51.93 - National Instruments) Hidden
NI Service Locator (Version: 8.5.160.0 - National Instruments) Hidden
NI TDMS (Version: 1.1.286.0 - National Instruments) Hidden
NI Uninstaller (Version: 2.51.88 - National Instruments) Hidden
NI Update Service 1.0 (Version: 1.0.254.0 - National Instruments) Hidden
NI Update Service Extras 1.0 (Version: 1.0.257.0 - National Instruments) Hidden
NI USI 1.5.0 (Version: 1.5.03128 - National Instruments) Hidden
NI VC2005MSMs x86 (Version: 8.01.2 - National Instruments) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}) (Version: 7.0.2.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.0.8.2 - Nokia)
Nokia PC Suite (Version: 7.0.8.2 - Nokia) Hidden
NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
NTI Backup NOW! 4.7 (Version: 1.00.0000 - NewTech Infosystems) Hidden
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NTI Shadow (HKLM\...\InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.37 - NewTech Infosystems)
NTI Shadow (Version: 3.7.6.37 - NewTech Infosystems) Hidden
OpenOffice.org 3.1 (HKLM\...\{D765F1CE-5AE5-4C47-B134-AE58AC474740}) (Version: 3.1.9399 - OpenOffice.org)
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PC Connectivity Solution (HKLM\...\{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}) (Version: 8.22.4.0 - Nokia)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.32.3730a.0 - CyberLink Corporation)
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5543 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
SCwin_April201004-03 (Version: 2000.11.28 - SOLAR-COMPUTER GmbH) Hidden
SecureW2 EAP Suite 1.1.3 for Windows (HKLM\...\SecureW2 EAP Suite) (Version: - )
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SOLAR-COMPUTER-Software (HKLM\...\SOLAR-COMPUTER-Software) (Version: - )
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.0 - Safer Networking Limited)
Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}) (Version: 2.00.0002 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0002 - Texas Instruments Inc.) Hidden
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TuneUp Utilities 2008 (HKLM\...\{5888428E-699C-4E71-BF71-94EE06B497DA}) (Version: 7.0.7991 - TuneUp Software)
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VBA (2701.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
VLC media player 0.9.9 (HKLM\...\VLC media player) (Version: 0.9.9 - VideoLAN Team)
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software 6.1.0.2000 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.1.0.2000 - Broadcom Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia Modem (05/22/2008 3.8) (HKLM\...\C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD) (Version: 05/22/2008 3.8 - Nokia)
Windows-Treiberpaket - Nokia Modem (05/22/2008 7.00.0.1) (HKLM\...\9CD348AE9C64C4B939B624E8E24F3903EFDFC82B) (Version: 05/22/2008 7.00.0.1 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) (HKLM\...\3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F) (Version: 10/12/2007 6.85.4.0 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Wolfram Mathematica 7 (M-WIN-L 7.0.0 1148351) (HKLM\...\M-WIN-L 7.0.0 1148351_is1) (Version: 7.0.0 - Wolfram Research, Inc.)
Wolfram Notebook Indexer 2.0 (HKLM\...\{C260343B-6282-42A2-939F-1FF7E503F608}) (Version: 2.17.34091 - Wolfram Research)

==================== Restore Points =========================

30-05-2014 11:43:32 Windows Update
31-05-2014 12:33:02 Geplanter Prüfpunkt
01-06-2014 18:45:08 Geplanter Prüfpunkt
03-06-2014 16:10:02 Windows Update
05-06-2014 19:23:05 Geplanter Prüfpunkt
09-06-2014 11:41:56 Windows Update
11-06-2014 19:30:14 Geplanter Prüfpunkt
12-06-2014 16:22:02 Windows Update
13-06-2014 18:00:58 Geplanter Prüfpunkt
14-06-2014 11:49:43 Geplanter Prüfpunkt
16-06-2014 16:26:25 Geplanter Prüfpunkt
17-06-2014 16:43:29 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1F2C8526-DD5D-4840-96D9-2CA30A29F2F6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4257226603-2756161322-550577746-1003UA => C:\Users\Nino\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-18] (Google Inc.)
Task: {2F42B42E-8675-4E00-BF7B-65412847518D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-12] (Adobe Systems Incorporated)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3DD0E0B1-A409-4E7E-B238-7157DBEB32E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06] (Google Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4AB13B90-3AA7-406C-8474-F9E19733295D} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {561C5E75-6A15-4E5D-832D-AB8474C9DB6F} - System32\Tasks\{3E3E5669-F14D-4C70-A717-4878AFE47DB1} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/eula
Task: {796764E4-B0B6-42FD-8917-1C8B1A65C2F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06] (Google Inc.)
Task: {93D14E32-3894-4ECD-AA08-7934BAF63A64} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4257226603-2756161322-550577746-1003Core => C:\Users\Nino\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-18] (Google Inc.)
Task: {AB3F5269-22D2-474B-A197-4E0374595526} - System32\Tasks\1-Klick-Wartung => C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-21] (TuneUp Software GmbH)
Task: {C5C7D163-BF3C-4347-A4CB-19BF49F48DC6} - System32\Tasks\{FC7763AD-81ED-4BAC-BFF7-CFAC70F59F5C} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/privacy
Task: {DDA6A420-C6FA-44FC-8158-53864B73581E} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-23] (Google)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\1-Klick-Wartung.job => C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257226603-2756161322-550577746-1003Core.job => C:\Users\Nino\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257226603-2756161322-550577746-1003UA.job => C:\Users\Nino\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{CFFA0713-7CE4-4E47-A2F3-3D61073123BF}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2011-07-26 21:42 - 2010-06-17 21:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2008-01-03 02:00 - 2008-01-03 02:00 - 00227888 _____ () C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2011-02-02 14:08 - 2011-02-02 14:08 - 00018656 _____ () C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
2009-08-23 21:41 - 2009-08-23 21:41 - 00197424 _____ () C:\Windows\system32\vpnapi.dll
2008-11-20 22:39 - 2008-06-10 20:26 - 00222456 _____ () C:\Program Files\ICQ6Toolbar\ICQ Service.exe
2008-07-26 05:11 - 2007-11-27 18:54 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-07-26 05:11 - 2007-11-27 15:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2010-03-28 08:51 - 2009-08-31 10:43 - 00241664 _____ () C:\Program Files\Join Air\AssistantServices.exe
2008-07-26 05:09 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2008-07-26 05:09 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2008-07-26 05:10 - 2007-12-19 18:09 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2008-07-26 05:10 - 2007-12-19 18:09 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2008-07-26 05:10 - 2007-12-19 18:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2008-07-26 13:49 - 2003-06-07 23:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2010-03-28 08:51 - 2009-08-31 10:43 - 00132608 _____ () C:\Program Files\Join Air\UIExec.exe
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2014-06-11 18:44 - 2014-06-11 18:44 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:D282699C

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Name: Microsoft-6zu4-Adapter #2
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #4
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #5
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #6
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================= Application errors: ================== Error: (06/18/2014 05:45:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/17/2014 06:30:39 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/16/2014 05:22:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/15/2014 07:43:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/15/2014 03:59:06 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/14/2014 00:09:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/13/2014 05:00:13 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/12/2014 07:07:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung eDSLoader.exe, Version 3.0.329.0, Zeitstempel 0x477bce87, 
fehlerhaftes Modul ShowErrMsg.dll, Version 3.0.1.1044, Zeitstempel 0x477bcdaa, Ausnahmecode 0x40000015, Fehleroffset 0x0000c705, Prozess-ID 0x610, Anwendungsstartzeit eDSLoader.exe0. Error: (06/12/2014 07:07:18 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/12/2014 06:57:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (06/18/2014 05:45:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (06/18/2014 05:45:33 PM) (Source: Microsoft-Windows-ResourcePublication) (EventID: 1002) (User: NT-AUTORITÄT) Description: Provider\Microsoft.Base.Publication/Publication/Computer Error: (06/17/2014 06:30:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (06/16/2014 05:22:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (06/15/2014 07:43:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (06/15/2014 07:43:25 PM) (Source: Dhcp) (EventID: 1002) (User: ) Description: Die IP-Adresslease 192.168.1.3 für die Netzwerkkarte mit der Netzwerkadresse 001F3C677909 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). 
Error: (06/15/2014 03:59:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (06/14/2014 00:09:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (06/14/2014 00:09:26 PM) (Source: Dhcp) (EventID: 1002) (User: ) Description: Die IP-Adresslease 192.168.0.10 für die Netzwerkkarte mit der Netzwerkadresse 001F3C677909 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error: (06/13/2014 05:00:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Microsoft Office Sessions: ========================= Error: (02/15/2011 00:30:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 74 seconds with 60 seconds of active time. This session ended with a crash. Error: (01/11/2010 10:29:03 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 21 seconds with 0 seconds of active time. This session ended with a crash. Error: (01/10/2010 02:04:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. Error: (01/10/2010 01:58:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. 
This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error: (01/10/2010 01:58:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error: (01/10/2010 01:58:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error: (11/12/2008 09:16:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash. Error: (10/16/2008 00:29:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 480 seconds with 180 seconds of active time. This session ended with a crash. 
==================== Memory info =========================== Percentage of memory in use: 69% Total physical RAM: 3061.68 MB Available physical RAM: 931.09 MB Total Pagefile: 6338.38 MB Available Pagefile: 4011.42 MB Total Virtual: 2047.88 MB Available Virtual: 1896.81 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:223.12 GB) (Free:41.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive f: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:3.01 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 233 GB) (Disk ID: 9AA4CFAF) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=223 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Regards, Nino |
19.06.2014, 10:26 | #2 |
/// TB trainer | My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Thank you for your cooperation! Download all tools directly to the desktop, or move them there, and start them from the desktop, since our instructions are written for that. It also makes it very easy to remove all the tools used at the end of the cleanup. Scan with Combofix
|
19.06.2014, 11:26 | #3 |
| Hello Matthias,
thanks for the reply. I won't be able to run this scan until late afternoon/early evening. I still have an ancient version of Spybot installed on my PC; should it be removed beforehand, or is disabling it enough? Regards |
19.06.2014, 11:43 | #4 |
/// TB trainer | Hi, please uninstall it beforehand. |
19.06.2014, 11:51 | #5 |
| OK, will do. See you later then. |
19.06.2014, 11:57 | #6 |
/// TB trainer | See you later. |
19.06.2014, 16:52 | #7 |
| Hi Matthias, I ran the Combofix scan. Now I have an IE shortcut on my desktop again, and almost everything is gone from my Quick Launch bar. Is that normal afterwards? Here is the log file: Code:
ATTFilter ComboFix 14-06-19.01 - Nino 19.06.2014 17:24:52.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3062.1824 [GMT 2:00] ausgeführt von:: c:\users\Nino\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\SecureW2 c:\program files\SecureW2\Uninstall.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2 c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk c:\users\Nino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2 c:\windows\system32\CddbCdda.dll c:\windows\system32\logs c:\windows\system32\logs\Setup.log . . ((((((((((((((((((((((( Dateien erstellt von 2014-05-19 bis 2014-06-19 )))))))))))))))))))))))))))))) . . 2014-06-19 15:37 . 2014-06-19 15:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-06-18 17:34 . 2014-06-18 17:52 -------- d-----w- C:\FRST 2014-06-18 16:09 . 2014-06-18 16:09 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C02EF3E1-7FCE-4B5D-9458-5D4DF624414E}\offreg.dll 2014-06-17 16:46 . 2014-04-30 23:37 8073384 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C02EF3E1-7FCE-4B5D-9458-5D4DF624414E}\mpengine.dll 2014-06-12 18:49 . 2014-06-12 18:49 -------- d-----w- c:\users\Nino\AppData\Local\Adobe 2014-05-31 08:06 . 2014-05-31 08:06 -------- d-----w- c:\program files\Common Files\Skype . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-06-12 17:00 . 2012-04-06 20:53 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-06-12 17:00 . 
2011-05-20 19:40 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-06-03 16:01 . 2012-12-18 09:19 93528 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-06-03 16:01 . 2012-12-18 09:19 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-05-06 04:45 . 2014-06-12 16:12 53760 ----a-w- c:\windows\apppatch\iebrshim.dll 2014-04-16 03:02 . 2014-04-16 03:02 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl 2014-04-14 18:13 . 2014-04-22 20:42 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL 2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2014-03-31 07:35 . 2009-10-19 06:41 231584 ------w- c:\windows\system32\MpSigStub.exe 2007-02-08 09:48 . 2007-02-08 09:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll 2007-07-24 17:03 . 2007-07-24 17:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Nino\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Nino\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Nino\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-05-08 21444224] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-02 521776] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984] 
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016] "NI Background Service"="c:\program files\National Instruments\Shared\Update Service\BackgroundService.exe" [2008-04-03 77824] "UIExec"="c:\program files\Join Air\UIExec.exe" [2009-08-31 132608] "Skytel"="Skytel.exe" [2007-11-21 1826816] "FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2010-06-17 370176] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-06-03 737872] "DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2014-04-03 450560] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ VPN Client.lnk - c:\windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico -user_logon [2013-6-18 6144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" "HotKeysCmds"=c:\windows\system32\hkcmd.exe "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners . 2014-06-19 c:\windows\Tasks\1-Klick-Wartung.job - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-09-19 16:47] . 2014-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 17:00] . 2014-06-14 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-08 14:07] . 2014-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:56] . 2014-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:56] . 2014-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257226603-2756161322-550577746-1003Core.job - c:\users\Nino\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-23 11:05] . 2014-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257226603-2756161322-550577746-1003UA.job - c:\users\Nino\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-23 11:05] . 2014-06-18 c:\windows\Tasks\User_Feed_Synchronization-{CFFA0713-7CE4-4E47-A2F3-3D61073123BF}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ mStart Page = hxxp://de.intl.acer.yahoo.com IE: Bild an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube to MP3 Converter - c:\users\Nino\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe TCP: DhcpNameServer = 217.68.161.141 217.68.161.171 FF - ProfilePath - c:\users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&q= FF - prefs.js: network.proxy.ftp - proxy.htwk-leipzig.de FF - prefs.js: network.proxy.ftp_port - 3128 FF - prefs.js: network.proxy.gopher - FF - prefs.js: network.proxy.gopher_port - 0 FF - prefs.js: network.proxy.http - proxy.htwk-leipzig.de FF - prefs.js: network.proxy.http_port - 3128 FF - prefs.js: network.proxy.socks - proxy.htwk-leipzig.de FF - prefs.js: network.proxy.socks_port - 3128 FF - prefs.js: network.proxy.ssl - proxy.htwk-leipzig.de FF - prefs.js: network.proxy.ssl_port - 3128 FF - prefs.js: network.proxy.type - 0 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 200000 FF - user.js: content.notify.interval - 100000 FF - user.js: content.switch.threshold - 650000 FF - user.js: nglayout.initialpaint.delay - 300 . . ------- Dateityp-Verknüpfung ------- . .scr=AutoCADScriptFile . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-SecureW2 EAP Suite - c:\program files\SecureW2\Uninstall.exe . . . 
************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2014-06-19 17:37 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2014-06-19 17:41:29 ComboFix-quarantined-files.txt 2014-06-19 15:41 . Vor Suchlauf: 14 Verzeichnis(se), 46.454.624.256 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 46.041.980.928 Bytes frei . - - End Of File - - 13DFFF6F74FFCD1EDB6075BDBD308FA4 6FC6F9186C07BCA94E140F63BFE6E9B4 |
19.06.2014, 18:09 | #8 | |
/// TB trainer | Quote:
Do you think you can manage to move the tools from the download folder to the desktop? Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Please disable your antivirus program, as it can affect the result or possibly interfere with the cleanup. Please download zoek.exe from here: http://hijackthis.nl/smeenk/ and save the file to your desktop.
Step 4
With your next reply, please post
|
19.06.2014, 20:01 | #9 |
| So, I have run all the scans. AdwCleaner: Code:
ATTFilter # AdwCleaner v3.212 - Bericht erstellt am 19/06/2014 um 19:28:42 # Aktualisiert 05/06/2014 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzername : Nino - NINO-PC # Gestartet von : C:\Users\Nino\Downloads\adwcleaner_3.212.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : ICQ Service ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Program Files\ICQ6Toolbar Ordner Gelöscht : C:\Program Files\Optimizer Pro Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Users\Nino\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\Nino\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Nino\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Conduit Ordner Gelöscht : C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\ConduitEngine Ordner Gelöscht : C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\ICQToolbarData Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07} Datei Gelöscht : C:\END Datei Gelöscht : C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\Askcom.xml Datei Gelöscht : C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\Conduit.xml Datei Gelöscht : C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\icqplugin.xml Datei Gelöscht : C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\icqplugin-1.xml Datei Gelöscht : C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\icqplugin-2.xml Datei Gelöscht : 
C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\icqplugin-3.xml Datei Gelöscht : C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\user.js ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDA6A420-C6FA-44FC-8158-53864B73581E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1700389 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}] Schlüssel Gelöscht : HKCU\Software\APN PIP Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\ICQ\ICQToolbar Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\PIP Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar Schlüssel Gelöscht : HKLM\Software\Freeze.com Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar Schlüssel Gelöscht : HKLM\Software\PIP Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar ***** [ Browser ] ***** -\\ Internet Explorer v7.0.6002.18005 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] -\\ Mozilla Firefox v30.0 (de) [ Datei : C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\prefs.js ] Zeile gelöscht : 
user_pref("CT1700389.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Zeile gelöscht : user_pref("CT1700389.CTID", "CT1700389"); Zeile gelöscht : user_pref("CT1700389.CommunitiesChangesLastCheckTime", "Thu Jun 03 2010 09:57:56 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.CommunityChanged", true); Zeile gelöscht : user_pref("CT1700389.CurrentServerDate", "3-6-2010"); Zeile gelöscht : user_pref("CT1700389.DialogsAlignMode", "LTR"); Zeile gelöscht : user_pref("CT1700389.DownloadDomainsCheckInterval", "168"); Zeile gelöscht : user_pref("CT1700389.DownloadDomainsListLastCheckTime", "Thu Jun 03 2010 09:57:57 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.DownloadDomainsListLastServerUpdateTime", "1201073583"); Zeile gelöscht : user_pref("CT1700389.DownloadReferralCookieData", ""); Zeile gelöscht : user_pref("CT1700389.EMailNotifierPollDate", "Thu Jun 03 2010 09:57:59 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.FeedLastCount128491938150862572", 288); Zeile gelöscht : user_pref("CT1700389.FeedLastCount128575629586249728", 17); Zeile gelöscht : user_pref("CT1700389.FeedPollDate128575629586249728", "Thu Jun 03 2010 09:57:58 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763355875137803", "Thu Jun 03 2010 09:57:58 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763356097638018", "Thu Jun 03 2010 11:57:58 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763356222169378", "Thu Jun 03 2010 11:57:58 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763356772169656", "Thu Jun 03 2010 11:57:58 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763356922168881", "Thu Jun 03 2010 11:57:58 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763357141387910", "Thu Jun 03 2010 11:57:58 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763358174356670", "Thu Jun 03 2010 09:57:59 GMT+0200"); Zeile gelöscht : 
user_pref("CT1700389.FeedPollDate128763358378888162", "Thu Jun 03 2010 09:57:59 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763358813731428", "Thu Jun 03 2010 09:57:59 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763359039981926", "Thu Jun 03 2010 09:57:59 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763359203575264", "Thu Jun 03 2010 09:57:59 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763359372794293", "Thu Jun 03 2010 09:57:59 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763359763731872", "Thu Jun 03 2010 11:57:59 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763360041543951", "Thu Jun 03 2010 11:57:59 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.FeedPollDate128763360326700728", "Thu Jun 03 2010 09:57:59 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.FeedPollDate129091015757496686", "Thu Jun 03 2010 09:57:59 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.FeedTTL128763356097638018", 5); Zeile gelöscht : user_pref("CT1700389.FeedTTL128763356222169378", 10); Zeile gelöscht : user_pref("CT1700389.FeedTTL128763356772169656", 10); Zeile gelöscht : user_pref("CT1700389.FeedTTL128763357141387910", 5); Zeile gelöscht : user_pref("CT1700389.FeedTTL128763359763731872", 5); Zeile gelöscht : user_pref("CT1700389.FeedTTL128763360326700728", 60); Zeile gelöscht : user_pref("CT1700389.FirstServerDate", "3-6-2010"); Zeile gelöscht : user_pref("CT1700389.FirstTime", true); Zeile gelöscht : user_pref("CT1700389.FirstTimeFF3", true); Zeile gelöscht : user_pref("CT1700389.FirstTimeSettingsDone", true); Zeile gelöscht : user_pref("CT1700389.FixPageNotFoundErrors", true); Zeile gelöscht : user_pref("CT1700389.GroupingLastCheckTime", "Thu Jun 03 2010 09:57:57 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.GroupingLastErrorCode", ""); Zeile gelöscht : user_pref("CT1700389.GroupingLastResponse", true); Zeile gelöscht : 
user_pref("CT1700389.GroupingLastServerUpdateTime", "129192867627230000"); Zeile gelöscht : user_pref("CT1700389.GroupingServerCheckInterval", 1440); Zeile gelöscht : user_pref("CT1700389.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Zeile gelöscht : user_pref("CT1700389.Initialize", true); Zeile gelöscht : user_pref("CT1700389.InitializeCommonPrefs", true); Zeile gelöscht : user_pref("CT1700389.InstallationAndCookieDataSentCount", 1); Zeile gelöscht : user_pref("CT1700389.InstallationType", "UnknownIntegration"); Zeile gelöscht : user_pref("CT1700389.InstalledDate", "Thu Jun 03 2010 09:57:56 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.InvalidateCache", false); Zeile gelöscht : user_pref("CT1700389.IsGrouping", true); Zeile gelöscht : user_pref("CT1700389.IsMulticommunity", true); Zeile gelöscht : user_pref("CT1700389.IsOpenThankYouPage", true); Zeile gelöscht : user_pref("CT1700389.IsOpenUninstallPage", true); Zeile gelöscht : user_pref("CT1700389.LanguagePackLastCheckTime", "Thu Jun 03 2010 09:57:58 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.LanguagePackReloadIntervalMM", 1440); Zeile gelöscht : user_pref("CT1700389.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx"); Zeile gelöscht : user_pref("CT1700389.LastLogin_2.6.0.15", "Thu Jun 03 2010 09:57:58 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.LatestVersion", "2.1.0.18"); Zeile gelöscht : user_pref("CT1700389.Locale", "en-us"); Zeile gelöscht : user_pref("CT1700389.LoginCache", 4); Zeile gelöscht : user_pref("CT1700389.MCDetectTooltipHeight", "83"); Zeile gelöscht : user_pref("CT1700389.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Zeile gelöscht : user_pref("CT1700389.MCDetectTooltipWidth", "295"); Zeile gelöscht : user_pref("CT1700389.RadioIsPodcast", false); Zeile gelöscht : user_pref("CT1700389.RadioLastCheckTime", "Thu Jun 03 2010 09:57:59 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.RadioLastUpdateIPServer", 
"3"); Zeile gelöscht : user_pref("CT1700389.RadioLastUpdateServer", "128929877726170000"); Zeile gelöscht : user_pref("CT1700389.RadioMediaID", "9816740"); Zeile gelöscht : user_pref("CT1700389.RadioMediaType", "Media Player"); Zeile gelöscht : user_pref("CT1700389.RadioMenuSelectedID", "EBRadioMenu_CT17003899816740"); Zeile gelöscht : user_pref("CT1700389.RadioStationName", "KABC%20"); Zeile gelöscht : user_pref("CT1700389.RadioStationURL", "hxxp://citadelcc-kabc-am.wm.llnwd.net/citadelcc_KABC_AM"); Zeile gelöscht : user_pref("CT1700389.SHRINK_TOOLBAR", 1); Zeile gelöscht : user_pref("CT1700389.SavedHomepage", "hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"); Zeile gelöscht : user_pref("CT1700389.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT1700389&octid=EB_ORIGINAL_CTID&SearchSource=1"); Zeile gelöscht : user_pref("CT1700389.SearchFromAddressBarIsInit", true); Zeile gelöscht : user_pref("CT1700389.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&q="); Zeile gelöscht : user_pref("CT1700389.SearchInNewTabEnabled", true); Zeile gelöscht : user_pref("CT1700389.SearchInNewTabIntervalMM", 1440); Zeile gelöscht : user_pref("CT1700389.SearchInNewTabLastCheckTime", "Thu Jun 03 2010 09:57:59 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"); Zeile gelöscht : user_pref("CT1700389.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID"); Zeile gelöscht : user_pref("CT1700389.SettingsCheckIntervalMin", 120); Zeile gelöscht : user_pref("CT1700389.SettingsLastCheckTime", "Thu Jun 03 2010 09:57:56 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.SettingsLastUpdate", "1274805962"); Zeile gelöscht : user_pref("CT1700389.ThirdPartyComponentsInterval", 504); Zeile gelöscht : 
user_pref("CT1700389.ThirdPartyComponentsLastCheck", "Thu Jun 03 2010 09:57:55 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.ThirdPartyComponentsLastUpdate", "1274805962"); Zeile gelöscht : user_pref("CT1700389.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112"); Zeile gelöscht : user_pref("CT1700389.UserID", "UN41173380636108914"); Zeile gelöscht : user_pref("CT1700389.WeatherNetwork", ""); Zeile gelöscht : user_pref("CT1700389.WeatherPollDate", "Thu Jun 03 2010 09:58:00 GMT+0200"); Zeile gelöscht : user_pref("CT1700389.WeatherUnit", "C"); Zeile gelöscht : user_pref("CT1700389.clientLogIsEnabled", true); Zeile gelöscht : user_pref("CT1700389.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); Zeile gelöscht : user_pref("CT1700389.myStuffEnabled", true); Zeile gelöscht : user_pref("CT1700389.myStuffPublihserMinWidth", 400); Zeile gelöscht : user_pref("CT1700389.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"); Zeile gelöscht : user_pref("CT1700389.myStuffServiceIntervalMM", 1440); Zeile gelöscht : user_pref("CT1700389.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT"); Zeile gelöscht : user_pref("CT1700389.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"803651ba7facb1:0\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"807dc126dd28cc1:0\""); Zeile gelöscht : 
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000"); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000"); Zeile gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine"); Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com"); Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine"); Zeile gelöscht : user_pref("CommunityToolbar.IsEngineShown", true); Zeile gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine"); Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com"); Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine"); Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties"); Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT1700389,ConduitEngine"); Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT1700389"); Zeile gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon May 09 2011 08:43:32 GMT+0200"); Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jun 23 2011 23:22:50 GMT+0200"); Zeile gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Zeile gelöscht : user_pref("CommunityToolbar.alert.locale", "en"); Zeile gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 25 2011 19:32:58 GMT+0200"); Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", 
"1305622559"); Zeile gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Zeile gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Zeile gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false); Zeile gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Zeile gelöscht : user_pref("CommunityToolbar.alert.userId", "de0aab94-299f-4dc0-b996-737f3132cf39"); Zeile gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Jun 03 2010 09:57:59 GMT+0200"); Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Zeile gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1700389"); Zeile gelöscht : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Wed Jun 22 2011 23:10:13 GMT+0200"); Zeile gelöscht : user_pref("ConduitEngine.CTID", "ConduitEngine"); Zeile gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Jun 25 2011 19:33:00 GMT+0200"); Zeile gelöscht : user_pref("ConduitEngine.FirstServerDate", "05/09/2011 09"); Zeile gelöscht : user_pref("ConduitEngine.FirstTime", true); Zeile gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true); Zeile gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true); Zeile gelöscht : user_pref("ConduitEngine.Initialize", true); Zeile gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true); Zeile gelöscht : user_pref("ConduitEngine.InstalledDate", "Mon May 09 2011 08:43:31 GMT+0200"); Zeile gelöscht : user_pref("ConduitEngine.IsMulticommunity", false); Zeile gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false); Zeile gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true); Zeile gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Jun 25 2011 19:33:00 GMT+0200"); Zeile gelöscht : user_pref("ConduitEngine.LastLogin_3.3.3.2", 
"Sat Jun 25 2011 19:33:00 GMT+0200"); Zeile gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Zeile gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Jun 25 2011 19:33:00 GMT+0200"); Zeile gelöscht : user_pref("ConduitEngine.UserID", "UN09282711445668368"); Zeile gelöscht : user_pref("ConduitEngine.componentAlertEnabled", false); Zeile gelöscht : user_pref("ConduitEngine.engineLocale", "de"); Zeile gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Jun 25 2011 19:33:00 GMT+0200"); Zeile gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Jun 25 2011 19:33:00 GMT+0200"); Zeile gelöscht : user_pref("ConduitEngine.initDone", true); Zeile gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true); Zeile gelöscht : user_pref("ConduitEngine.usagesFlag", 2); Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "IsoBuster Web Search"); Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&SearchSource=3&q={searchTerms}"); Zeile gelöscht : user_pref("icqtoolbar.allowSendURL", false); Zeile gelöscht : user_pref("icqtoolbar.engineVerified", true); Zeile gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options"); Zeile gelöscht : user_pref("icqtoolbar.history", "youtube||osram||ntv.de||htwk-leipzig||toyota||uci||Opel-Werk%20Saragossa||wikipedia||lotto||kfw-studienkredit||saab%209-3%20turbo%20X||saab||MDV||matrikel%2007%20bernb[...] 
Zeile gelöscht : user_pref("icqtoolbar.installsource", "1"); Zeile gelöscht : user_pref("icqtoolbar.numberOfSearches", 0); Zeile gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.0.6"); Zeile gelöscht : user_pref("icqtoolbar.suggestions", false); Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "122719304512271930451227213618116"); Zeile gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1236600423); Zeile gelöscht : user_pref("icqtoolbar.version", "1.1.2"); Zeile gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false); Zeile gelöscht : user_pref("icqtoolbar.xmlLanguage", "de"); Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&q="); ************************* AdwCleaner[R0].txt - [22376 octets] - [19/06/2014 19:26:00] AdwCleaner[S0].txt - [22243 octets] - [19/06/2014 19:28:42] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22304 octets] ########## Code:
<?xml version="1.0" encoding="UTF-8" ?> <logs> <record severity="debug" LoggingEventType="2" datetime="2014-06-19T19:45:35.161254+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="66e5ef94-5b26-46b8-838f-d1c1d5165b91" result="Starting" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-19T19:45:35.176254+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="a18efb59-5f3d-4307-9df4-46f2e10573c4" result="Started" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-19T19:45:35.207254+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="38a3c77c-c582-46e0-88f6-58a675e1cb66" result="Starting" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="1" datetime="2014-06-19T19:45:41.289254+02:00" source="Manual" type="Update" username="SYSTEM" systemname="NINO-PC" fromVersion="2014.2.20.1" last_modified_tag="7a41d8a3-df13-4d2d-9e55-0f2990d95bcb" name="Rootkit Database" toVersion="2014.6.2.1"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-19T19:46:09.449254+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="76348795-915b-4c7b-9e6c-739146bff0f7" result="Started" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="1" datetime="2014-06-19T19:46:12.713254+02:00" source="Manual" type="Update" username="SYSTEM" systemname="NINO-PC" fromVersion="2014.3.4.9" last_modified_tag="cb12a0be-31eb-44bd-ae1b-a99785fb1e0f" name="Malware Database" toVersion="2014.6.19.8"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-19T19:46:17.736254+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC"
last_modified_tag="c398c7fa-b9a4-4979-9523-be35561813fe" result="Starting" subtype="Refresh"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-19T19:46:17.741254+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="5f9c1bba-f9d4-41aa-a9a9-f98153867316" result="Stopping" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-19T19:46:17.773254+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="c1ab68af-756c-493a-8c91-e45ca8f6f1d8" result="Stopped" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-19T19:46:22.391254+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="abceba87-433a-4fcb-8647-b7764565f6f2" result="Success" subtype="Refresh"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-19T19:46:22.410254+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="84d845e1-e79e-4ef7-9e32-f7b04f10ae98" result="Starting" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-19T19:46:22.788254+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="dac9f125-93ac-4d28-8250-e9112c2e91cd" result="Started" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-19T20:39:36.524250+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="81cdb3cb-2b32-40d8-be3c-1a62ed95c5ea" result="Starting" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-19T20:39:36.754250+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" 
last_modified_tag="6f8930a4-c1cb-4c54-9e54-71ba20cba5e8" result="Started" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-19T20:39:36.774250+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="2f31461e-12b2-40f0-8108-108ba03c0ad1" result="Starting" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-19T20:42:36.574250+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINO-PC" last_modified_tag="0e225486-3396-45a5-b5cd-74fb4de7448a" result="Started" subtype="Malicious Website Protection"></record> </logs> Code:
Zoek.exe v5.0.0.0 Updated 16-June-2014 Tool run by Nino on 19.06.2014 at 20:03:22,64. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Nino\Downloads\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 19.06.2014 20:08:54 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-4257226603-2756161322-550577746-1003\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== Deleted from C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\prefs.js: user_pref("browser.startup.homepage", "https://www.google.de/"); user_pref("browser.search.defaultengine", "Ask.com"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Ask.com"); user_pref("browser.search.useDBForOrder", true); Added to C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.google.com"); user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ProfilePath: C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default user.js not found ---- Lines ask.com modified from prefs.js ----
user_pref("extensions.enabledItems", "{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.13,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,{CAFEEFAC-0016-0000-0 ---- FireFox user.js and prefs.js backups ---- prefs__2021_.backup ==== Deleting Files \ Folders ====================== C:\Program Files\Common Files\DVDVideoSoft\bin deleted C:\Program Files\Wolfram Research deleted C:\Users\Nino\AppData\Roaming\Yahoo! deleted C:\PROGRA~2\ICQ deleted C:\Users\Nino\AppData\Local\cache deleted C:\Users\Nino\Downloads\FreeYouTubeToMP3Converter(1).exe deleted C:\Users\Nino\Downloads\FreeYouTubeToMP3Converter.exe deleted C:\Users\Nino\Downloads\FreeYouTubeToMP3Converter_3.11.22.exe deleted C:\Users\Nino\AppData\LocalLow\boost_interprocess deleted C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\jetpack deleted C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\CT1700389 deleted C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\extensions\youtubeunblocker@unblocker.yt deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [03.04.2010 17:40] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default - Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension - Free Hide IP - %ProfilePath%\extensions\support@free-hideip.com.xpi - 572ae458-3f7c-4678-aa10-b22b5979d2c1 - %ProfilePath%\extensions\{572ae458-3f7c-4678-aa10-b22b5979d2c1}.xpi - DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi - Unity Web Player Wizard Light - 
%ProfilePath%\extensions\{e5a64d20-3633-48ca-823e-6de40a412f20}.xpi AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default FB5621842FDABF9F8359775573498FBC - C:\Users\Nino\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update 738C29EAC995029E13333034C1402F56 - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll - Shockwave Flash 5CB01CF141E021DAAE96991A5BA57944 - C:\Users\Nino\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer DD31F0C436E4F5E6FA9783FF8A80ADC1 - C:\Users\Nino\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin 785105A23650755A8F7A72405EB0D923 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update 1E5E8C84DE796A01D1D46E3A660690F1 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat F055C91A961601B8D50EF2976145AEE6 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat A32402A7A2AC60B5422255DF020EC44A - C:\Program Files\DivX\DivX Web Player\npdivx32.dll - DivX Plus Web Player 025BBEF5A248B09BDC6684747F6EB5BC - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U55 290A0130C74ADCD4546BC6900D1665D9 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.550.14 5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin 86244E1B6D062BBE2B91AA5DA7376806 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in 358878E398AB0FB8B1EE176C2E3EDF48 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll - Google Updater 31DA97B4682187C6639BBE2215814FDA - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director AB87EEFFD18F2BAAFC274E7075EA6C67 
- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.de/" "ICQ Search"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://de.intl.acer.yahoo.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "ICQ Search"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="hxxp://www.google.de/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {12520993-F63A-465C-92EF-EA73A3ACE58F} Google Url="hxxp://www.google.de/search?q={searchTerms}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset Google Chrome ====================== Nothing found to reset ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Empty IE Cache ====================== C:\Users\Nino\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 
emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Nino\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Nino\AppData\Local\Mozilla\Firefox\Profiles\qjax06cs.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=14915 folders=1638 1564010472 bytes) ==== Empty Temp Folders ====================== C:\Users\Anika\AppData\Local\temp emptied successfully C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\Nino\AppData\Local\Temp will be emptied at reboot C:\Users\Public\AppData\Local\temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Nino\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Nino\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted ==== EOF on 
19.06.2014 at 20:42:47,90 ====================== FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-06-2014 Ran by Nino (administrator) on NINO-PC on 19-06-2014 20:49:48 Running from C:\Users\Nino\Desktop Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 7 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe () C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (National Instruments, Inc.) C:\Windows\System32\lkcitdl.exe (National Instruments Corporation) C:\Windows\System32\lkads.exe (National Instruments Corporation) C:\Windows\System32\lktsrv.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Acer\Mobility Center\MobilityService.exe (National Instruments Corporation) C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corp.)
C:\Windows\System32\nisvcloc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe () C:\Program Files\Join Air\AssistantServices.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe (acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor Corp.) C:\Users\Nino\AppData\Local\Temp\RtkBtMnt.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Nuance Communications, Inc.) 
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (National Instruments) C:\Program Files\National Instruments\Shared\Update Service\BackgroundService.exe () C:\Program Files\Join Air\UIExec.exe (shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation) HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-07] (Synaptics, Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4853760 2008-01-08] (Realtek Semiconductor) HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [521776 2008-01-03] (Egis Incorporated) HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated) HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2008-01-08] (Dritek System Inc.) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) 
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.) HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1089536 2008-02-19] (Brother Industries, Ltd.) HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.) HKLM\...\Run: [NI Background Service] => C:\Program Files\National Instruments\Shared\Update Service\BackgroundService.exe [77824 2008-04-03] (National Instruments) HKLM\...\Run: [UIExec] => C:\Program Files\Join Air\UIExec.exe [132608 2009-08-31] () HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-21] (Realtek Semiconductor Corp.) HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-03] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKU\S-1-5-21-4257226603-2756161322-550577746-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-4257226603-2756161322-550577746-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-4257226603-2756161322-550577746-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKCU - {12520993-F63A-465C-92EF-EA73A3ACE58F} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_05-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_05-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 217.68.161.141 217.68.161.171 FireFox: ======== FF ProfilePath: C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default FF NewTab: hxxp://www.google.com/ FF DefaultSearchEngine: Google FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.com FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q= FF NetworkProxy: "backup.ftp", "" FF NetworkProxy: "backup.ftp_port", 0 FF NetworkProxy: "backup.socks", "" FF NetworkProxy: "backup.socks_port", 0 FF NetworkProxy: "backup.ssl", "" FF NetworkProxy: "backup.ssl_port", 0 FF NetworkProxy: "ftp", "proxy.htwk-leipzig.de" FF NetworkProxy: "ftp_port", 3128 FF NetworkProxy: "gopher", "" FF NetworkProxy: "gopher_port", 0 FF NetworkProxy: "http", "proxy.htwk-leipzig.de" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "proxy.htwk-leipzig.de" FF NetworkProxy: "socks_port", 3128 FF NetworkProxy: "ssl", "proxy.htwk-leipzig.de" FF NetworkProxy: "ssl_port", 3128 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Nino\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Nino\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Nino\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Nino\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPLV82Win32.dll (National Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nplv85win32.dll (National Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Nino\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Nino\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\searchplugins\znout-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Free Hide IP - C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\support@free-hideip.com.xpi [2012-09-03] FF Extension: {572ae458-3f7c-4678-aa10-b22b5979d2c1} - C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\{572ae458-3f7c-4678-aa10-b22b5979d2c1}.xpi [2013-10-30] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20] FF Extension: Adblock Plus - 
C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-24] FF Extension: Unity Web Player Wizard Light - C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\{e5a64d20-3633-48ca-823e-6de40a412f20}.xpi [2013-11-05] FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-25] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG) R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] () R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624 2009-08-23] (Cisco Systems, Inc.) R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [506416 2008-01-03] (Egis Incorporated) R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed] R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed] R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) 
[File not signed] R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2011-07-27] (Flexera Software, Inc.) R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-06-04] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-06-04] (Hewlett-Packard Co.) [File not signed] R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed] R2 LkCitadelServer; C:\Windows\system32\lkcitdl.exe [695136 2007-11-27] (National Instruments, Inc.) R2 lkClassAds; C:\Windows\system32\lkads.exe [40488 2007-11-27] (National Instruments Corporation) R2 lkTimeSync; C:\Windows\system32\lktsrv.exe [50736 2007-11-27] (National Instruments Corporation) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () [File not signed] S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed] R2 NIDomainService; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [213552 2007-11-27] (National Instruments Corporation) S4 NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1007616 2007-01-29] (Macrovision Corporation) [File not signed] R2 niSvcLoc; C:\Windows\system32\nisvcloc.exe [48704 2007-07-19] (National Instruments Corp.) 
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed] S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [575488 2008-08-07] (Nokia.) [File not signed] S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361728 2008-09-19] (TuneUp Software GmbH) R2 UI Assistant Service; C:\Program Files\Join Air\AssistantServices.exe [241664 2009-08-31] () [File not signed] R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer) [File not signed] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG) R2 cvintdrv; C:\Windows\system32\Drivers\cvintdrv.sys [4096 2007-10-23] () [File not signed] S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2009-08-23] (Cisco Systems, Inc.) [File not signed] R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-19] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-27] (NewTech Infosystems, Inc.) 
[File not signed] R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-06-06] (Windows (R) Codename Longhorn DDK provider) S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-07] (Windows (R) Codename Longhorn DDK provider) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\Users\Nino\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-19 20:49 - 2014-06-19 20:50 - 00022418 _____ () C:\Users\Nino\Desktop\FRST.txt 2014-06-19 20:49 - 2014-06-19 20:49 - 00000000 ____D () C:\Users\Nino\Desktop\FRST-OlderVersion 2014-06-19 20:45 - 2014-06-19 20:45 - 00010276 _____ () C:\Users\Nino\Desktop\zoek-results.txt 2014-06-19 20:36 - 2014-06-19 20:03 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-06-19 20:08 - 2014-06-19 20:42 - 00010276 _____ () C:\zoek-results.log 2014-06-19 20:03 - 2014-06-19 20:31 - 00000000 ____D () C:\zoek_backup 2014-06-19 20:03 - 2014-06-19 20:03 - 01285120 _____ () C:\Users\Nino\Desktop\zoek.exe 2014-06-19 19:59 - 2014-06-19 19:59 - 00001159 _____ () C:\Users\Nino\Desktop\mbam.txt 2014-06-19 19:45 - 2014-06-19 20:43 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-19 19:44 - 2014-06-19 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-19 19:44 - 2014-06-19 19:44 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-19 19:44 - 2014-06-19 19:44 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-19 19:44 - 2014-05-12 07:26 - 00051928 
_____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-19 19:44 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-19 19:44 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-19 19:38 - 2014-06-19 19:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nino\Desktop\mbam-setup-2.0.2.1012.exe 2014-06-19 19:33 - 2014-06-19 19:33 - 00022385 _____ () C:\Users\Nino\Desktop\AdwCleaner[S0].txt 2014-06-19 19:25 - 2014-06-19 19:28 - 00000000 ____D () C:\AdwCleaner 2014-06-19 19:25 - 2014-06-19 19:25 - 01333465 _____ () C:\Users\Nino\Desktop\adwcleaner_3.212.exe 2014-06-19 17:59 - 2014-06-19 17:59 - 00013991 _____ () C:\Users\Nino\Desktop\ComboFix.txt 2014-06-19 17:41 - 2014-06-19 17:41 - 00013991 _____ () C:\ComboFix.txt 2014-06-19 17:20 - 2014-06-19 17:41 - 00000000 ____D () C:\Qoobox 2014-06-19 17:20 - 2014-06-19 17:41 - 00000000 ____D () C:\ComboFix 2014-06-19 17:20 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-06-19 17:20 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-06-19 17:20 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-06-19 17:20 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-06-19 17:20 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-06-19 17:20 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-06-19 17:20 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-06-19 17:20 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-06-19 17:19 - 2014-06-19 17:39 - 00000000 ____D () C:\Windows\erdnt 2014-06-19 17:13 - 2014-06-19 17:14 - 05207168 ____R (Swearware) C:\Users\Nino\Desktop\ComboFix.exe 2014-06-18 21:26 - 2014-06-18 21:26 - 00380416 _____ () C:\Users\Nino\Desktop\Gmer-19357.exe 2014-06-18 21:02 - 2014-06-18 21:06 - 00119702 _____ () C:\Users\Nino\Desktop\Ereignisse 
Avira.txt 2014-06-18 19:46 - 2014-06-18 19:53 - 00043637 _____ () C:\Users\Nino\Desktop\Addition alt.txt 2014-06-18 19:41 - 2014-06-18 19:53 - 00033578 _____ () C:\Users\Nino\Desktop\FRST alt.txt 2014-06-18 19:34 - 2014-06-19 20:49 - 00000000 ____D () C:\FRST 2014-06-18 19:27 - 2014-06-19 20:49 - 01072128 _____ (Farbar) C:\Users\Nino\Desktop\FRST.exe 2014-06-12 20:49 - 2014-06-12 20:49 - 00000000 ____D () C:\Users\Nino\AppData\Local\Adobe 2014-06-12 18:12 - 2014-05-06 06:46 - 03630592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-12 18:12 - 2014-05-06 06:46 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-12 18:12 - 2014-05-06 06:46 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-12 18:12 - 2014-05-06 06:46 - 00671744 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2014-06-12 18:12 - 2014-05-06 06:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-12 18:12 - 2014-05-06 06:46 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-12 18:12 - 2014-05-06 06:46 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-06-12 18:12 - 2014-05-06 06:45 - 06119424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-12 18:12 - 2014-05-06 06:45 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-12 18:12 - 2014-05-06 06:45 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-12 18:12 - 2014-05-06 06:45 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-06-12 18:12 - 2014-05-06 06:45 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-12 18:12 - 2014-05-06 06:45 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-12 18:12 - 2014-05-06 06:45 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2014-06-12 18:12 - 2014-05-06 05:16 - 
00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-06-12 18:12 - 2014-05-06 05:07 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-12 18:12 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-12 18:12 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-12 18:12 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-12 18:12 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-11 18:44 - 2014-06-11 18:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-31 10:06 - 2014-05-31 10:06 - 00000000 ____D () C:\Program Files\Common Files\Skype ==================== One Month Modified Files and Folders ======= 2014-06-19 20:50 - 2014-06-19 20:49 - 00022418 _____ () C:\Users\Nino\Desktop\FRST.txt 2014-06-19 20:49 - 2014-06-19 20:49 - 00000000 ____D () C:\Users\Nino\Desktop\FRST-OlderVersion 2014-06-19 20:49 - 2014-06-18 19:34 - 00000000 ____D () C:\FRST 2014-06-19 20:49 - 2014-06-18 19:27 - 01072128 _____ (Farbar) C:\Users\Nino\Desktop\FRST.exe 2014-06-19 20:47 - 2008-07-26 04:54 - 01174778 _____ () C:\Windows\WindowsUpdate.log 2014-06-19 20:45 - 2014-06-19 20:45 - 00010276 _____ () C:\Users\Nino\Desktop\zoek-results.txt 2014-06-19 20:43 - 2014-06-19 19:45 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-19 20:43 - 2014-03-23 19:19 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257226603-2756161322-550577746-1003UA.job 2014-06-19 20:42 - 2014-06-19 20:08 - 00010276 _____ () C:\zoek-results.log 2014-06-19 20:42 - 2008-11-19 10:47 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{CFFA0713-7CE4-4E47-A2F3-3D61073123BF}.job 2014-06-19 20:39 - 2010-01-06 22:56 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-19 20:39 - 
2009-10-17 18:30 - 21943602 _____ () C:\Windows\PFRO.log 2014-06-19 20:39 - 2008-09-19 22:45 - 00000498 _____ () C:\Windows\Tasks\1-Klick-Wartung.job 2014-06-19 20:39 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-19 20:39 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-19 20:39 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-19 20:37 - 2008-07-26 04:56 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-06-19 20:37 - 2006-11-02 15:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-19 20:33 - 2011-12-18 20:26 - 00000000 ____D () C:\Users\Nino\AppData\Roaming\Skype 2014-06-19 20:31 - 2014-06-19 20:03 - 00000000 ____D () C:\zoek_backup 2014-06-19 20:31 - 2012-11-19 11:36 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2014-06-19 20:24 - 2010-01-06 22:56 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-19 20:13 - 2012-04-06 22:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-19 20:03 - 2014-06-19 20:36 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-06-19 20:03 - 2014-06-19 20:03 - 01285120 _____ () C:\Users\Nino\Desktop\zoek.exe 2014-06-19 19:59 - 2014-06-19 19:59 - 00001159 _____ () C:\Users\Nino\Desktop\mbam.txt 2014-06-19 19:44 - 2014-06-19 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-19 19:44 - 2014-06-19 19:44 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-19 19:44 - 2014-06-19 19:44 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-19 19:38 - 2014-06-19 19:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nino\Desktop\mbam-setup-2.0.2.1012.exe 2014-06-19 19:33 - 2014-06-19 19:33 - 00022385 _____ () C:\Users\Nino\Desktop\AdwCleaner[S0].txt 2014-06-19 19:28 - 
2014-06-19 19:25 - 00000000 ____D () C:\AdwCleaner
2014-06-19 19:25 - 2014-06-19 19:25 - 01333465 _____ () C:\Users\Nino\Desktop\adwcleaner_3.212.exe
2014-06-19 18:42 - 2014-03-23 19:19 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257226603-2756161322-550577746-1003Core.job
2014-06-19 18:24 - 2008-09-20 11:23 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-19 17:59 - 2014-06-19 17:59 - 00013991 _____ () C:\Users\Nino\Desktop\ComboFix.txt
2014-06-19 17:41 - 2014-06-19 17:41 - 00013991 _____ () C:\ComboFix.txt
2014-06-19 17:41 - 2014-06-19 17:20 - 00000000 ____D () C:\Qoobox
2014-06-19 17:41 - 2014-06-19 17:20 - 00000000 ____D () C:\ComboFix
2014-06-19 17:41 - 2010-01-24 17:27 - 00000000 ____D () C:\Users\Anika
2014-06-19 17:41 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-06-19 17:41 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-06-19 17:39 - 2014-06-19 17:19 - 00000000 ____D () C:\Windows\erdnt
2014-06-19 17:37 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-06-19 17:14 - 2014-06-19 17:13 - 05207168 ____R (Swearware) C:\Users\Nino\Desktop\ComboFix.exe
2014-06-19 17:11 - 2008-10-20 20:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-19 17:11 - 2008-10-20 20:32 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-06-19 00:06 - 2008-09-19 18:16 - 00000000 ____D () C:\Users\Nino
2014-06-18 23:37 - 2008-09-19 23:03 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-18 21:26 - 2014-06-18 21:26 - 00380416 _____ () C:\Users\Nino\Desktop\Gmer-19357.exe
2014-06-18 21:06 - 2014-06-18 21:02 - 00119702 _____ () C:\Users\Nino\Desktop\Ereignisse Avira.txt
2014-06-18 19:53 - 2014-06-18 19:46 - 00043637 _____ () C:\Users\Nino\Desktop\Addition alt.txt
2014-06-18 19:53 - 2014-06-18 19:41 - 00033578 _____ () C:\Users\Nino\Desktop\FRST alt.txt
2014-06-14 14:38 - 2009-03-24 21:20 - 00001022 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-06-13 17:17 - 2009-10-19 10:37 - 00000000 ____D () C:\Users\Nino\Documents\Privat
2014-06-12 20:49 - 2014-06-12 20:49 - 00000000 ____D () C:\Users\Nino\AppData\Local\Adobe
2014-06-12 19:00 - 2012-04-06 22:53 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-12 19:00 - 2011-05-20 21:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-12 18:51 - 2012-04-26 14:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-12 18:31 - 2008-03-27 22:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 18:29 - 2013-08-14 11:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 18:26 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-12 17:56 - 2014-04-09 17:49 - 00000000 ____D () C:\Users\Nino\Documents\Arbeit
2014-06-12 17:53 - 2006-11-02 12:33 - 01715048 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-11 18:44 - 2014-06-11 18:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-09 13:38 - 2008-09-19 22:46 - 00000000 ____D () C:\Users\Nino\AppData\Roaming\Mozilla
2014-06-09 13:26 - 2011-07-26 21:46 - 00000000 ____D () C:\Users\Nino\AppData\Local\FreePDF_XP
2014-06-09 13:17 - 2014-04-18 20:24 - 00010406 _____ () C:\Users\Nino\Desktop\Meine Schulden.xlsx
2014-06-03 18:01 - 2012-12-18 11:19 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-03 18:01 - 2012-12-18 11:19 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-02 19:01 - 2013-11-26 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-06-02 19:01 - 2011-01-01 17:26 - 00000000 ____D () C:\ProgramData\DivX
2014-06-02 19:00 - 2011-01-01 17:27 - 00000000 ____D () C:\Program Files\DivX
2014-05-31 10:06 - 2014-05-31 10:06 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-31 10:06 - 2014-03-03 08:11 - 00000000 ___RD () C:\Program Files\Skype
2014-05-31 10:06 - 2011-12-18 20:26 - 00000000 ____D () C:\ProgramData\Skype
2014-05-31 10:05 - 2011-02-24 11:39 - 00000680 _____ () C:\Users\Nino\AppData\Local\d3d9caps.dat

Files to move or delete:
====================
C:\Users\Nino\CTX.DAT

Some content of TEMP:
====================
C:\Users\Nino\AppData\Local\Temp\avgnt.exe
C:\Users\Nino\AppData\Local\Temp\RtkBtMnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-19 20:46

==================== End Of Log ============================

--- --- ---

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-06-2014
Ran by Nino at 2014-06-19 20:51:04
Running from C:\Users\Nino\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4302 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4303 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4310 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4300 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.4301 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 2.11.20071207 - Acer Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}) (Version: 9.0.16.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
AIO_Scan (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - )
Amazon MP3-Downloader 1.0.9 (HKLM\...\Amazon MP3-Downloader) (Version: - )
AutoCAD Mechanical 2012 (HKLM\...\AutoCAD Mechanical 2012) (Version: 16.0.49.0 - Autodesk)
AutoCAD Mechanical 2012 (Version: 16.0.49.0 - Autodesk) Hidden
AutoCAD Mechanical 2012 Language Pack - Deutsch (Version: 16.0.49.0 - Autodesk) Hidden
Autodesk Content Service (HKLM\...\{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}) (Version: 2.0.90 - Autodesk)
Autodesk Design Review 2008 (HKLM\...\{FCF3DFF4-CB33-4343-9878-DEEC6D131DF8}) (Version: 4.0.0 - Autodesk, Inc.)
Autodesk Design Review 2010 (HKLM\...\Autodesk Design Review 2010) (Version: 10.0.0.108 - Autodesk, Inc.)
Autodesk Design Review 2010 (Version: 10.0.0.108 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2012 (HKLM\...\Autodesk Inventor Fusion 2012) (Version: 1.0.0.79 - Autodesk, Inc.)
Autodesk Inventor Fusion 2012 (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (HKLM\...\Autodesk Inventor Fusion Plugin for AutoCAD 2012) (Version: 0.0.1.138 - Autodesk)
Autodesk Inventor Fusion Plugin for AutoCAD 2012 (Version: 0.0.1.138 - Autodesk) Hidden
Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2012 (Version: 0.0.1.138 - Autodesk) Hidden
Autodesk Material Library 2012 (HKLM\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (HKLM\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
Autodesk Navisworks 2012 2004-6 DWG File Reader Runtimes (HKLM\...\{8C3B5851-5A51-4FF6-A3C8-3422EE2D0109}) (Version: 1.0.0 - Autodesk)
Autodesk Navisworks 2012 32 bit Exporter Plug-ins (HKLM\...\Autodesk Navisworks 2012 32 bit Exporter Plug-ins) (Version: 9.0.69.686 - Autodesk)
Autodesk Navisworks 2012 32 bit Exporter Plug-ins (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks 2012 32 bit Exporter Plug-ins Language Pack (Deutsch) (HKLM\...\{5EDF1B95-251E-0407-8232-38B90D666EE2}) (Version: 9.0.69.324 - Autodesk)
Autodesk Navisworks Freedom 2012 (HKLM\...\Autodesk Navisworks Freedom 2012) (Version: 9.0.69.686 - Autodesk)
Autodesk Navisworks Freedom 2012 (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Freedom 2012 Language Pack (Deutsch) (HKLM\...\{4C5EBB8E-FE25-0407-ABF9-653822766EF5}) (Version: 9.0.69.324 - Autodesk)
Autodesk Navisworks Manage 2012 - 2004 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2005 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2006 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2007 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2008 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2009 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2010 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2011 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 - 2012 DWG File Reader (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 (HKLM\...\Autodesk Navisworks Manage 2012) (Version: 9.0.69.686 - Autodesk)
Autodesk Navisworks Manage 2012 (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Manage 2012 Language Pack (Deutsch) (HKLM\...\{55533772-CCA4-0407-9D08-4BF031E3EE32}) (Version: 9.0.69.324 - Autodesk)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.672 - Avira)
Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.50.08 - Broadcom Corporation)
Brother MFL-Pro Suite DCP-145C (HKLM\...\{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Cisco Systems VPN Client 5.0.06.0110 (HKLM\...\{08B785C1-3893-4154-B53B-F5D341D0AAAA}) (Version: 5.0.6 - Cisco Systems, Inc.)
Classic Menu 3.x for Office 2007 (HKLM\...\{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1) (Version: - Addintools)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM\...\Dev-C++) (Version: - )
DeviceDiscovery (Version: 90.0.205.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)
DJ_AIO_ProductContext (Version: 90.0.236.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (Version: 90.0.222.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Driver Detective (HKLM\...\{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}) (Version: 7.0.0 - PC Drivers HeadQuarters)
Dropbox (HKCU\...\Dropbox) (Version: 1.2.51 - Dropbox, Inc.)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
F4100 (Version: 90.0.222.000 - Hewlett-Packard) Hidden
F4100_doccd (Version: 90.0.222.000 - Hewlett-Packard) Hidden
F4100_Help (Version: 90.0.222.000 - Hewlett-Packard) Hidden
FARO LS 1.1.406.58 (HKLM\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Free YouTube to MP3 Converter version 3.11.35.1031 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.35.1031 - DVDVideoSoft Ltd.)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - )
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version: - )
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
HI-TECH C51-lite V9.60PL0 (HKLM\...\HC51 9.60PL0) (Version: 9.60 - HI-TECH Software)
HI-TECH PICC lite V9.60PL0 (HKLM\...\PICC 9.60PL0) (Version: 9.60 - HI-TECH Software)
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP Deskjet All-In-One Software 9.0 (HKLM\...\{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}) (Version: 9.0 - HP)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden
HP Smart Web Printing (HKLM\...\{415CDA53-9100-476F-A7B2-476691E117C7}) (Version: 2.15.7.0 - Ihr Firmenname)
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Update (HKLM\...\{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}) (Version: 4.000.006.003 - Hewlett-Packard)
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Ihr Firmenname)
ICQ7.4 (HKLM\...\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}) (Version: 7.4 - ICQ)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
ITI SimulationX 3.4 (HKLM\...\ITI SimulationX 3.4) (Version: 3.4.404.55 - ITI GmbH)
ITI SimulationX 3.4 (Version: 3.4.404.55 - ITI GmbH) Hidden
Japanese Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Java 2 Runtime Environment, SE v1.4.2_05 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142050}) (Version: 1.4.2_05 - Sun Microsystems, Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Join Air (HKLM\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)
Launch Manager (HKLM\...\LManager) (Version: - )
LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
McAfee Security Scan (HKLM\...\McAfee Security Scan) (Version: - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft WSE 3.0 (HKLM\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
National Instruments-Software (HKLM\...\NI Uninstaller) (Version: - National Instruments)
NI Circuit Design Suite 10.1 Core (Version: 10.1.197 - National Instruments) Hidden
NI Circuit Design Suite 10.1 Edu Licenses (Version: 10.1.197 - National Instruments) Hidden
NI Circuit Design Suite 10.1 Education (Version: 10.1.197 - National Instruments) Hidden
NI DN 2.0 installer (Version: 2.00.49154 - National Instruments) Hidden
NI EULA Depot (Version: 2.51.88 - National Instruments) Hidden
NI Help Assistant (Version: 1.0.10 - National Instruments) Hidden
NI LabVIEW Real-Time FIFO for Runtime (Version: 8.2.74.0 - National Instruments) Hidden
NI LabVIEW Real-Time FIFO for Runtime (Version: 8.5.264.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 8.2.1 (Version: 8.2.379.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 8.5.1 (Version: 8.5.306.0 - National Instruments) Hidden
NI LabWindows/CVI 8.1.1 Run-Time Engine (Version: 8.1.1361 - National Instruments) Hidden
NI License Manager (Version: 3.2.1026 - National Instruments) Hidden
NI Logos 4.9.1 (Version: 4.9.105.0 - National Instruments) Hidden
NI Logos XT Support (Version: 4.9.44.0 - National Instruments) Hidden
NI Math Kernel Libraries (Version: 1.0.861.0 - National Instruments) Hidden
NI MDF Support (Version: 2.51.88 - National Instruments) Hidden
NI MetaSuite Installer (Version: 2.51.93 - National Instruments) Hidden
NI Service Locator (Version: 8.5.160.0 - National Instruments) Hidden
NI TDMS (Version: 1.1.286.0 - National Instruments) Hidden
NI Uninstaller (Version: 2.51.88 - National Instruments) Hidden
NI Update Service 1.0 (Version: 1.0.254.0 - National Instruments) Hidden
NI Update Service Extras 1.0 (Version: 1.0.257.0 - National Instruments) Hidden
NI USI 1.5.0 (Version: 1.5.03128 - National Instruments) Hidden
NI VC2005MSMs x86 (Version: 8.01.2 - National Instruments) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}) (Version: 7.0.2.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.0.8.2 - Nokia)
Nokia PC Suite (Version: 7.0.8.2 - Nokia) Hidden
NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
NTI Backup NOW! 4.7 (Version: 1.00.0000 - NewTech Infosystems) Hidden
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NTI Shadow (HKLM\...\InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.37 - NewTech Infosystems)
NTI Shadow (Version: 3.7.6.37 - NewTech Infosystems) Hidden
OpenOffice.org 3.1 (HKLM\...\{D765F1CE-5AE5-4C47-B134-AE58AC474740}) (Version: 3.1.9399 - OpenOffice.org)
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PC Connectivity Solution (HKLM\...\{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}) (Version: 8.22.4.0 - Nokia)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.32.3730a.0 - CyberLink Corporation)
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5543 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
SCwin_April201004-03 (Version: 2000.11.28 - SOLAR-COMPUTER GmbH) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SOLAR-COMPUTER-Software (HKLM\...\SOLAR-COMPUTER-Software) (Version: - )
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}) (Version: 2.00.0002 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0002 - Texas Instruments Inc.) Hidden
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TuneUp Utilities 2008 (HKLM\...\{5888428E-699C-4E71-BF71-94EE06B497DA}) (Version: 7.0.7991 - TuneUp Software)
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VBA (2701.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
VLC media player 0.9.9 (HKLM\...\VLC media player) (Version: 0.9.9 - VideoLAN Team)
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software 6.1.0.2000 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.1.0.2000 - Broadcom Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia Modem (05/22/2008 3.8) (HKLM\...\C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD) (Version: 05/22/2008 3.8 - Nokia)
Windows-Treiberpaket - Nokia Modem (05/22/2008 7.00.0.1) (HKLM\...\9CD348AE9C64C4B939B624E8E24F3903EFDFC82B) (Version: 05/22/2008 7.00.0.1 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) (HKLM\...\3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F) (Version: 10/12/2007 6.85.4.0 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Wolfram Mathematica 7 (M-WIN-L 7.0.0 1148351) (HKLM\...\M-WIN-L 7.0.0 1148351_is1) (Version: 7.0.0 - Wolfram Research, Inc.)
Wolfram Notebook Indexer 2.0 (HKLM\...\{C260343B-6282-42A2-939F-1FF7E503F608}) (Version: 2.17.34091 - Wolfram Research)

==================== Restore Points =========================

01-06-2014 18:45:08 Geplanter Prüfpunkt
03-06-2014 16:10:02 Windows Update
05-06-2014 19:23:05 Geplanter Prüfpunkt
09-06-2014 11:41:56 Windows Update
11-06-2014 19:30:14 Geplanter Prüfpunkt
12-06-2014 16:22:02 Windows Update
13-06-2014 18:00:58 Geplanter Prüfpunkt
14-06-2014 11:49:43 Geplanter Prüfpunkt
16-06-2014 16:26:25 Geplanter Prüfpunkt
17-06-2014 16:43:29 Windows Update
19-06-2014 04:56:30 Geplanter Prüfpunkt
19-06-2014 18:08:18 zoek.exe restore point

==================== Hosts content: ==========================

2006-11-02 12:23 - 2014-06-19 17:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1F2C8526-DD5D-4840-96D9-2CA30A29F2F6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4257226603-2756161322-550577746-1003UA => C:\Users\Nino\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-18] (Google Inc.)
Task: {2F42B42E-8675-4E00-BF7B-65412847518D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-12] (Adobe Systems Incorporated)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3DD0E0B1-A409-4E7E-B238-7157DBEB32E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06] (Google Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4AB13B90-3AA7-406C-8474-F9E19733295D} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {561C5E75-6A15-4E5D-832D-AB8474C9DB6F} - System32\Tasks\{3E3E5669-F14D-4C70-A717-4878AFE47DB1} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/eula
Task: {796764E4-B0B6-42FD-8917-1C8B1A65C2F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06] (Google Inc.)
Task: {93D14E32-3894-4ECD-AA08-7934BAF63A64} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4257226603-2756161322-550577746-1003Core => C:\Users\Nino\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-18] (Google Inc.)
Task: {AB3F5269-22D2-474B-A197-4E0374595526} - System32\Tasks\1-Klick-Wartung => C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-21] (TuneUp Software GmbH)
Task: {C5C7D163-BF3C-4347-A4CB-19BF49F48DC6} - System32\Tasks\{FC7763AD-81ED-4BAC-BFF7-CFAC70F59F5C} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/privacy
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\1-Klick-Wartung.job => C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257226603-2756161322-550577746-1003Core.job => C:\Users\Nino\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257226603-2756161322-550577746-1003UA.job => C:\Users\Nino\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{CFFA0713-7CE4-4E47-A2F3-3D61073123BF}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2008-12-05 00:46 - 2008-09-16 21:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2011-07-26 21:42 - 2010-06-17 21:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2011-02-02 14:08 - 2011-02-02 14:08 - 00018656 _____ () C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
2009-08-23 21:41 - 2009-08-23 21:41 - 00197424 _____ () C:\Windows\system32\vpnapi.dll
2008-07-26 05:11 - 2007-11-27 18:54 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-07-26 05:11 - 2007-11-27 15:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2010-03-28 08:51 - 2009-08-31 10:43 - 00241664 _____ () C:\Program Files\Join Air\AssistantServices.exe
2008-07-26 05:09 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2008-07-26 05:09 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2008-07-26 05:10 - 2007-12-19 18:09 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2008-07-26 05:10 - 2007-12-19 18:09 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2008-07-26 05:10 - 2007-12-19 18:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2008-01-03 02:00 - 2008-01-03 02:00 - 00227888 _____ () C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2008-07-26 13:49 - 2003-06-07 23:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2010-03-28 08:51 - 2009-08-31 10:43 - 00132608 _____ () C:\Program Files\Join Air\UIExec.exe
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:D282699C

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Name: Microsoft-6zu4-Adapter #2
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #4
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #5
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #6
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================= Application errors: ================== Error: (06/19/2014 08:39:39 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 07:31:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 06:34:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 06:24:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 05:03:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 06:01:28 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/18/2014 11:11:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/18/2014 10:48:26 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für 
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (06/18/2014 10:37:18 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (06/18/2014 05:45:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (06/19/2014 08:39:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (06/19/2014 08:39:18 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT-AUTORITÄT) Description: 2147942402 Error: (06/19/2014 08:20:59 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: PEVSystemStart Error: (06/19/2014 08:20:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: PEVSystemStart Error: (06/19/2014 08:20:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: PEVSystemStart Error: (06/19/2014 08:20:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: PEVSystemStart Error: 
(06/19/2014 08:20:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: PEVSystemStart Error: (06/19/2014 07:31:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (06/19/2014 07:31:01 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT-AUTORITÄT) Description: 2147942402 Error: (06/19/2014 06:34:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Microsoft Office Sessions: ========================= Error: (02/15/2011 00:30:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 74 seconds with 60 seconds of active time. This session ended with a crash. Error: (01/11/2010 10:29:03 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 21 seconds with 0 seconds of active time. This session ended with a crash. Error: (01/10/2010 02:04:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. Error: (01/10/2010 01:58:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. 
Error: (01/10/2010 01:58:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error: (01/10/2010 01:58:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error: (11/12/2008 09:16:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash. Error: (10/16/2008 00:29:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 480 seconds with 180 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-06-19 20:50:48.463 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-19 20:50:48.221 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-06-19 20:50:47.960 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-19 20:50:47.671 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-19 20:42:35.984 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-19 19:51:20.412 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-19 19:51:20.173 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-19 19:51:19.932 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-19 19:51:19.693 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-19 19:46:09.081 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================
Percentage of memory in use: 45%
Total physical RAM: 3061.68 MB
Available physical RAM: 1682.75 MB
Total Pagefile: 6332.39 MB
Available Pagefile: 4587.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.42 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:223.12 GB) (Free:41.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:3.01 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 9AA4CFAF)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=223 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Edited by NinoW (19.06.2014 at 20:27) |
20.06.2014, 13:20 | #10 |
/// TB-Ausbilder | PC opened the website h**p://98uj8.de/s3brsn5ba66mgfzeinrum#ad on its own
Still problems with the site after the following steps? If so, in which browser? We will remove the last remnants and check everything once more. ESET can take a long time (> 3 h). Afterwards we will remove all the tools used and I will give you a few more tips to take with you.
Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
start
FF Extension: {572ae458-3f7c-4678-aa10-b22b5979d2c1} - C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\{572ae458-3f7c-4678-aa10-b22b5979d2c1}.xpi [2013-10-30]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
C:\Users\Nino\CTX.DAT
Reboot:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 ESET Online Scanner
Step 3 Please download SecurityCheck and:
Please post with your next reply
|
20.06.2014, 13:58 | #11 |
| PC opened the website h**p://98uj8.de/s3brsn5ba66mgfzeinrum#ad on its own
Hello, and I wish you a nice Friday. I will take care of it right away when I am home. Regards |
20.06.2014, 13:59 | #12 |
/// TB-Ausbilder | PC opened the website h**p://98uj8.de/s3brsn5ba66mgfzeinrum#ad on its own
All right. |
20.06.2014, 20:24 | #13 |
| PC opened the website h**p://98uj8.de/s3brsn5ba66mgfzeinrum#ad on its own
Evening, I have now run the second round of the scan programs. ESET really took half an eternity.
FRST:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:20-06-2014
Ran by Nino at 2014-06-20 16:17:03 Run:1
Running from C:\Users\Nino\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
FF Extension: {572ae458-3f7c-4678-aa10-b22b5979d2c1} - C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\{572ae458-3f7c-4678-aa10-b22b5979d2c1}.xpi [2013-10-30]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
C:\Users\Nino\CTX.DAT
Reboot:
end
*****************
C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\{572ae458-3f7c-4678-aa10-b22b5979d2c1}.xpi => Moved successfully.
C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\qjax06cs.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi => Moved successfully.
C:\Users\Nino\CTX.DAT => Moved successfully.
The system needed a reboot.
==== End of Fixlog ====
Code:
ESETSmartInstaller@High as downloader log:
all ok
Code:
Results of screen317's Security Check version 0.99.83
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
TuneUp Utilities 2008
JavaFX 2.1.1
Java 7 Update 55
Java 2 Runtime Environment, SE v1.4.2_05
Adobe Flash Player 9 Flash Player out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 14.0.0.125
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Empowering Technology eSettings Service capuserv.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
|
21.06.2014, 09:27 | #14 |
/// TB-Ausbilder | PC opened the website h**p://98uj8.de/s3brsn5ba66mgfzeinrum#ad on its own
If you have no more problems, then we are done here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC.
Step 1 You are using outdated software on your machine, which is a security risk. You should therefore uninstall outdated software and then install the latest version. Follow the path Start > Control Panel > Software / Uninstall programs. Uninstall the following programs from your machine:
Now please download and install:
Step 2 The order is crucial here.
Step 3 Finally, I have a few more tips for securing your system. I cannot mention too often how important it is that your system is up to date.
Antivirus program and additional protection
Alternative browsers Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system. Mozilla Firefox
Performance
What you should avoid:
Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board? Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this topic from my subscriptions. |
21.06.2014, 13:20 | #15 |
| PC opened the website h**p://98uj8.de/s3brsn5ba66mgfzeinrum#ad on its own
Hello Matthias, I have carried out step 2. I will still take care of step 3. Unfortunately I read and carried out everything bit by bit, so I only saw at the end that I should not download anything from Chip or Softonic. The version of Java you named was not available for 32-bit from Oracle itself, though, but it was on chip.de. So I downloaded it there. I also had a useful program from Softonic, which now seems to be gone. Likewise my youtube-unblocker, which I certainly do not want to do without. Perhaps the other recommended programs will still help me keep my PC clean. As for the other points, I do not use IE but always Firefox, on which I have also had Adblock for quite some time. The Windows updates are set up as well. That should be it so far. Wishing you a nice Saturday for now |