uuuuuvex | 25.05.2013 09:52 | hier der fund von malwarebytes: Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.05.24.07
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
xxx :: xxx-PC [Administrator]
24.05.2013 21:10:08
MBAM-log-2013-05-24 (21-37-35).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207913
Laufzeit: 13 Minute(n), 58 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Users\xxx\AppData\Roaming\Cuelle\libnspr4.dll (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\Users\xxx\AppData\Local\Temp\libnspr4.dll (Trojan.FakeMS) -> Keine Aktion durchgeführt.
(Ende)
und die otl files: Code:
OTL logfile created on: 24.05.2013 21:39:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,93 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 63,39% Memory free
6,08 Gb Paging File | 4,78 Gb Available in Paging File | 78,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,08 Gb Total Space | 171,26 Gb Free Space | 59,45% Space Free | Partition Type: NTFS
Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.05.24 21:38:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.04.01 13:23:17 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.01 13:23:01 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.04.01 13:22:58 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Astrid\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.20 19:44:32 | 000,844,296 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.12.20 19:44:28 | 000,310,280 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.12.20 19:44:26 | 001,476,104 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe
PRC - [2012.05.23 08:57:30 | 000,871,608 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\wfcrun32.exe
PRC - [2012.05.23 08:54:42 | 000,371,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\concentr.exe
PRC - [2012.04.05 11:11:18 | 001,144,704 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\Receiver\Receiver.exe
PRC - [2012.04.03 11:00:24 | 000,051,128 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2009.11.02 03:30:00 | 002,508,104 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.07.25 06:18:26 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.06.27 12:33:18 | 006,244,896 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.06.11 12:18:30 | 000,024,576 | ---- | M] () -- C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.08.24 05:45:42 | 000,101,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
========== Modules (No Company Name) ==========
MOD - [2012.12.20 19:41:18 | 012,976,640 | ---- | M] () -- C:\Programme\Samsung\Kies\Theme\Kies.Theme.dll
MOD - [2012.12.20 13:31:44 | 000,572,416 | ---- | M] () -- C:\Programme\Samsung\Kies\Common\Kies.UI.dll
MOD - [2012.12.18 11:35:44 | 000,034,816 | ---- | M] () -- C:\Programme\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
MOD - [2012.12.18 11:35:06 | 000,023,040 | ---- | M] () -- C:\Programme\Samsung\Kies\MVVM\Kies.MVVM.dll
MOD - [2012.12.18 11:07:10 | 000,057,856 | ---- | M] () -- C:\Programme\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
MOD - [2012.12.12 07:34:13 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012.10.05 12:59:03 | 003,194,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.10.05 12:59:03 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012.08.31 13:01:10 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2012.02.13 13:02:15 | 001,249,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2012.02.13 13:02:09 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2012.02.13 13:02:04 | 004,214,784 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2009.06.13 14:34:17 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
MOD - [2009.03.30 06:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009.03.30 06:42:19 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2009.03.30 06:42:19 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2009.03.30 06:42:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2009.03.30 06:42:12 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.30 06:42:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2009.02.25 03:16:56 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2003.06.07 07:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
========== Services (SafeList) ==========
SRV - [2013.05.20 20:03:32 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 16:49:47 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.04.01 13:23:17 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.01 13:22:58 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008.06.11 12:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.05.09 10:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.05.09 10:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.05.09 10:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013.04.01 13:23:19 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.04.01 13:23:19 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.04.01 13:23:19 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.20 06:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.09.20 06:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.05.17 08:14:58 | 000,067,960 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2008.06.11 12:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.06.10 12:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.03.17 11:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=e720
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=e720
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=e720
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/tb/ie_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {CEE438B0-8D23-43BD-AAAF-0823A494B43B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0C9BE677-668C-44B7-9BF4-60D03EB5C683}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=N7nV7JXvDwOgfsrGFMLlL7Lp9s8?q={searchTerms}
IE - HKCU\..\SearchScopes\{84EE01E4-BB12-412E-8548-DBB48CE4C558}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=7216D071-F749-4970-9500-BC9DA7BE6D9A&apn_sauid=37FBC488-8C66-4DF7-9809-1DABE7B9D46E
IE - HKCU\..\SearchScopes\{89FAD86A-4F5A-4459-89BD-2384D21B171E}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{BFCB5309-6270-4E5C-9372-E669C681DD8C}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{CEE438B0-8D23-43BD-AAAF-0823A494B43B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_de
IE - HKCU\..\SearchScopes\{EA6DBBB1-372A-4F57-A46D-B6E2F642C4C7}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: add-to-searchbox%40maltekraus.de:2.0
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.8.307
FF - prefs.js..extensions.enabledAddons: %7BC9B68337-E93A-44EA-94DC-CB300EC06444%7D:5.30.4
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.18 14:19:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012.10.19 20:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2013.05.16 18:10:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\z9rne1fk.default\extensions
[2013.05.16 18:10:01 | 000,000,000 | ---D | M] (WOT) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\z9rne1fk.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.03.31 14:55:16 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\z9rne1fk.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2013.03.26 20:22:35 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\z9rne1fk.default\extensions\donottrackplus@abine.com
[2013.03.31 15:05:52 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\z9rne1fk.default\extensions\ffxtlbr@delta.com
[2012.11.10 23:31:11 | 000,025,781 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\z9rne1fk.default\extensions\add-to-searchbox@maltekraus.de.xpi
[2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\z9rne1fk.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2012.10.19 20:16:29 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\z9rne1fk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013.03.07 02:06:18 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\z9rne1fk.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js
[2011.10.13 17:19:44 | 000,000,855 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\z9rne1fk.default\searchplugins\1und1-suche.xml
[2011.10.10 15:27:30 | 000,001,281 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\z9rne1fk.default\searchplugins\amazondotcom-de.xml
[2013.03.31 15:05:54 | 000,001,294 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\z9rne1fk.default\searchplugins\delta.xml
[2011.10.10 14:59:22 | 000,002,364 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\z9rne1fk.default\searchplugins\eBay-de.xml
[2011.10.13 17:01:56 | 000,010,507 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\z9rne1fk.default\searchplugins\gmx-suche.xml
[2011.10.10 15:12:38 | 000,002,385 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\z9rne1fk.default\searchplugins\lastminute.xml
[2011.10.13 17:34:10 | 000,002,248 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\z9rne1fk.default\searchplugins\mailcom-search.xml
[2013.05.20 20:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.20 20:03:34 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.03.31 15:03:08 | 000,006,508 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.12.14 09:57:14 | 000,002,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Uxxyduubm] C:\Users\xxx\AppData\Roaming\Cuelle\cihoy.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Astrid\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} hxxp://www.photodose.de/ips-opdata/operator/69189345/objects/canvasx.cab (CanvasX Class)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.photodose.de/ips-opdata/operator/69189345/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DE48291-937F-4F23-A3D0-13D377260A3F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6094CB2C-98BC-4A93-A44B-D3DB86A05EE3}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\xxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\xxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e5738528-6716-11de-ae82-00235a569b62}\Shell - "" = AutoRun
O33 - MountPoints2\{e5738528-6716-11de-ae82-00235a569b62}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e573852a-6716-11de-ae82-00235a569b62}\Shell - "" = AutoRun
O33 - MountPoints2\{e573852a-6716-11de-ae82-00235a569b62}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f039e429-5849-11de-95ca-00235a569b62}\Shell - "" = AutoRun
O33 - MountPoints2\{f039e429-5849-11de-95ca-00235a569b62}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f039e42f-5849-11de-95ca-00235a569b62}\Shell - "" = AutoRun
O33 - MountPoints2\{f039e42f-5849-11de-95ca-00235a569b62}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.24 21:38:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2013.05.24 21:09:17 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2013.05.24 21:08:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.24 21:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.24 21:08:54 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.24 21:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.20 20:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.18 14:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.05.18 14:20:42 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.05.18 14:20:41 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.05.18 14:20:37 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.05.18 14:20:37 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013.05.18 14:20:36 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.05.18 14:20:29 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.05.18 14:20:28 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.05.18 14:18:40 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.18 14:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.05.18 14:16:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.05.17 18:42:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Hochzeit xxx und xxx 11.05.13
[2013.05.17 18:35:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Hamburg 28.02.-01.03.13
[2013.05.01 15:05:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Bridge
[2013.05.01 15:00:17 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Spiegel
[2013.05.01 13:35:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Ogvuuq
[2013.05.01 13:35:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Galyy
[2013.05.01 13:35:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Cuelle
========== Files - Modified Within 30 Days ==========
[2013.05.24 21:38:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2013.05.24 21:36:00 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2013.05.24 21:35:00 | 000,050,477 | ---- | M] () -- C:\Users\xxx\Desktop\Defogger.exe
[2013.05.24 21:08:59 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.24 20:55:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.24 20:49:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.24 20:36:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013.05.24 20:36:55 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.24 20:36:23 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 20:36:23 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 20:36:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.24 20:36:10 | 3147,841,536 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.23 18:27:37 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013.05.22 21:07:17 | 000,025,600 | ---- | M] () -- C:\Users\xxx\Documents\Geld 2012 Bär.xlr
[2013.05.22 21:07:17 | 000,002,180 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\wklnhst.dat
[2013.05.18 14:20:44 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.05.18 14:20:29 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.05.18 12:25:27 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.05.17 18:31:08 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.17 18:31:08 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.17 18:31:08 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.17 18:31:08 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.17 16:14:18 | 000,020,992 | ---- | M] () -- C:\Users\xxx\Documents\Prinzessinnengeld1.xlr
[2013.05.16 16:25:35 | 000,340,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.13 21:07:19 | 000,030,727 | ---- | M] () -- C:\Users\xxx\Documents\Waage.ods
[2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.05.09 10:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.05.09 10:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.05.09 10:59:09 | 000,049,760 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.09 10:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
========== Files Created - No Company Name ==========
[2013.05.24 21:36:00 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2013.05.24 21:34:59 | 000,050,477 | ---- | C] () -- C:\Users\xxx\Desktop\Defogger.exe
[2013.05.24 21:08:59 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.18 14:20:44 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.05.18 14:20:35 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.18 14:20:34 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.02.16 22:35:03 | 000,016,311 | ---- | C] () -- C:\Users\xxx\.TransferManager.db
[2013.01.27 12:24:29 | 000,000,246 | ---- | C] () -- C:\Windows\wininit.ini
[2012.12.18 11:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.09.18 17:31:20 | 000,000,857 | ---- | C] () -- C:\Users\xxx\.recently-used.xbel
[2011.03.13 20:55:05 | 000,000,680 | ---- | C] () -- C:\Users\xxx\AppData\Local\d3d9caps.dat
[2010.02.09 19:13:58 | 000,005,184 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009.07.15 17:35:28 | 000,002,180 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\wklnhst.dat
[2009.06.15 19:09:41 | 000,026,624 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011.12.19 17:35:32 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\1&1 Mail & Media GmbH
[2013.03.29 16:29:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\AnvSoft
[2013.03.31 15:07:11 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\BabSolution
[2013.03.31 15:03:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Babylon
[2013.05.18 15:40:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Cuelle
[2013.05.24 20:39:32 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Dropbox
[2011.12.17 10:21:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\fotobuch.de AG
[2013.05.01 13:35:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Galyy
[2012.09.18 17:31:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\gtk-2.0
[2012.09.07 17:50:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICAClient
[2012.05.28 20:00:12 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ
[2009.06.13 22:45:08 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\InterVideo
[2012.09.26 17:06:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Langenscheidt
[2013.05.18 14:58:03 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ogvuuq
[2009.08.27 19:05:39 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenOffice.org
[2013.03.31 15:03:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Optimizer Pro
[2013.02.16 20:29:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Samsung
[2010.09.30 19:21:04 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Template
[2009.06.13 14:03:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Vodafone
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:CF5C4195
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:8AB6C1D7
< End of report > Code:
OTL Extras logfile created on: 24.05.2013 21:39:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,93 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 63,39% Memory free
6,08 Gb Paging File | 4,78 Gb Available in Paging File | 78,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,08 Gb Total Space | 171,26 Gb Free Space | 59,45% Space Free | Partition Type: NTFS
Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A3BD388-905E-4422-A3AB-058F0033DADC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4C61EE98-FB3D-4F45-9FF5-81ECE62DE238}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{900498E1-C173-4FAE-8A5D-8010D9583F03}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9D71D38C-5C9C-4549-80D8-EE0A1CC0E958}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C3790585-1710-432A-A849-50C85C1097B8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DB432D38-975F-4BF8-B5FF-056D1E175ABE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EAFEFA52-399B-4130-9C9E-6354650C70F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F6EB0082-5EF1-4270-A308-A45494A56F22}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15A86B15-ACA3-461F-9A29-75583740A0E6}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{247C3C74-70DC-4ADD-A55D-EC3102B0307B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{37B17D1C-10FD-4515-91A3-F27935568514}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3A526904-A7B2-47AD-BFBB-858EFAA21C5B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{3FBB7E09-CE47-4A81-AB75-079E9F83C455}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{49612362-6B51-4A59-BF2D-D7A92CB5DC91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4F0D85D6-85AF-4EEC-BFAD-88AAC234B37A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6B256466-A6F0-4136-B7CC-4A828A0923B2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{72886A47-67AD-424E-95EC-0EB068403ED2}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{75C39AEF-D685-4527-A325-D37649D889DE}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{794BE6CF-4F82-4575-B5B2-B8B635A5C188}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{84872F10-4805-4391-A694-59230A86BE9A}" = protocol=17 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe |
"{87FB78AD-283D-4550-A0FD-0842B5A42E4E}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{8E49ACE9-78E0-4A9D-8948-A3796F92AE29}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{A2E5D1A0-0821-4EC1-896E-DD32653060A7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A51038BF-001D-4763-8481-C84D47E6164D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{A547F228-9382-46A1-9524-FED56E51321B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B8B2DE30-982D-4580-A249-D040D455E8B0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BF279619-05D7-497B-A8BE-2137CFB9004F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C85875EB-D6A4-41F6-9E86-6B68C2DAE271}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{CC92A875-0703-4E1B-8B46-3DB4E252DFE7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DE84BDD0-987A-473A-9EF6-C0667F271B29}" = protocol=6 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe |
"{EA0771F1-07BC-4318-8D94-D028E0079289}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F2D77A8D-D782-4116-96A1-12217C395BC2}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{F61E56FE-7FC7-44C3-9392-D66382E6C8AE}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{FCE9531D-B7BB-497F-B37A-3447CD35D7EB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{1A572BB1-4FAB-42B3-BE7C-DE968AAD6BD1}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{1F9437C7-4A6A-434B-A5F8-761E345697BA}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{2E5C3701-36FF-4F9E-9107-F3C3BF638B07}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{30D452E1-FBD2-4F8F-AD8E-E5D76CED1E8B}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{3F411AF7-C9B6-421F-A0F6-2B69FA10A4DC}C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\astrid\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{4F7DB614-5D91-4494-8E95-A8A99AAE47EA}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{6AE8AC03-104E-4F26-A6E3-01FCC3F8F474}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{AB0F7B42-B527-41C2-94ED-DCF5F07FD8EB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{D4CE7A5B-E799-47C9-98E4-AB3F27284503}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{E17FC99A-D425-4AE1-AFE1-9AD97BD67572}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{FFE87A3E-D0D3-4794-B544-45CEEDC63246}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{0DC868F5-0B7F-4C92-881F-871CD17C7868}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{401C38BD-DD94-4283-A1FE-4F116EDDF5A0}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{5748D7CB-DB48-440D-A6AE-7C611CE9747F}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{611A4B4A-A32B-46F6-8DB4-B4BDEF336C70}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{7092F445-D93F-40B5-9D46-4A5C1FEE0DC1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{83985F17-B5EC-4FCE-B397-5C58D60D4DB0}C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\astrid\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{8F3467DC-BC4D-4F3E-8C01-C4A901352624}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{965484C4-FBC3-452C-B290-CCB9ED06B3ED}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{D54BA3D7-94E9-4FFC-A24A-EE4C682E1C60}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{DD79B672-F749-4AA4-8DCE-2E923190614D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{EAE5C0D8-9007-46CC-9CF2-FBBCC39472AA}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2DE9C112-2482-4D27-AA90-1504DFD9F117}" = Citrix Authentication Manager
"{2EA6C7A4-9178-4C04-887E-D3515F4AAC1B}" = Online Plug-in
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{452F5D68-F680-4F84-9146-509C0DFEB8D6}" = Citrix Receiver (USB)
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{589D1E78-A6BA-485D-85D9-83F9E3DC1379}" = Vokabeltrainer En Vivo A1
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73A32AC6-C6DE-410E-8869-83E5D725DDE0}" = Citrix Receiver(Aero)
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = eMachines ScreenSaver
"{7CE1F876-6012-431F-A514-C67107D6D8E1}" = Citrix Receiver (DV)
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{82149c0c-52f4-42eb-9683-55ae065bad30}" = Begado
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8EC50898-E24A-4C0C-A1F2-A71A8DBF291F}" = Citrix Receiver Inside
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A4987FC4-33BE-4227-B290-FAA1819B65C2}" = Vokabeltrainer-Update 5.0.27
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.5 - Deutsch
"{B48A3CE4-2F1E-45EF-841A-C0A3C407EB0F}" = Self-Service Plug-in
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2A27492-2F6B-49BE-A4E4-BFCE01828FB7}" = Citrix Receiver (HDX Flash-Umleitung)
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter 5_is1" = Any Video Converter 5 5.0.4
"avast" = avast! Free Antivirus
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon iP2700 series Benutzerregistrierung" = Canon iP2700 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ElsterFormular" = ElsterFormular
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinGimp-2.0_is1" = GIMP 2.6.11
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19.05.2013 08:06:49 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10
Description =
Error - 19.05.2013 11:41:54 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.05.2013 05:40:21 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.05.2013 13:28:42 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.05.2013 11:14:13 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.05.2013 13:27:37 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.05.2013 13:32:45 | Computer Name = xxx-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 22.05.2013 10:30:31 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10
Description =
Error - 22.05.2013 13:45:06 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10
Description =
Error - 24.05.2013 07:35:57 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10
Description =
Error - 24.05.2013 14:37:55 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 16.05.2013 12:09:49 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 18.05.2013 06:25:15 | Computer Name = xxx-PC | Source = DCOM | ID = 10005
Description =
Error - 18.05.2013 06:25:15 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 18.05.2013 06:25:15 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 19.05.2013 11:43:19 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 19.05.2013 11:43:20 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 19.05.2013 11:44:36 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 19.05.2013 11:44:36 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 20.05.2013 05:40:22 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 20.05.2013 05:40:22 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7009
Description =
< End of report > |