maddinsen | 24.04.2014 07:26 | Hello,
thanks for the quick reply. First of all: my father is apparently doing very badly, as I just had to hear. It may be that I cannot always answer right away. Please bear with me.
As already mentioned above, Spybot (which I had started before Avira) did not find anything significant: Code:
Search results from Spybot - Search & Destroy
23.04.2014 16:01:38
Scan took 00:42:49.
39 items found.
DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: maddin (default)) (Browser: Cookie, nothing done)
MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: maddin (default)) (Browser: Cookie, nothing done)
MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: maddin (default)) (Browser: Cookie, nothing done)
Statcounter: [SBI $4E2AF2AC] Tracking cookie (Firefox: maddin (default)) (Browser: Cookie, nothing done)
MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: maddin (default)) (Browser: Cookie, nothing done)
WebTrends live: [SBI $4E2AF2AC] Tracking cookie (Firefox: maddin (default)) (Browser: Cookie, nothing done)
Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\Internet Explorer\TypedURLs
MS Media Player: [SBI $E48560B4] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\MediaPlayer\Player\RecentFileList
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id
MS Office 10.0 (Office Startup Assistant): [SBI $8EC50E4A] Last used directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\Office\10.0\Osa\FindFile\Place
MS Office 11.0: [SBI $53EEAC4B] Last opened-from-web file (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\Office\11.0\Common\Internet\UseRWHlinkNavigation
MS Office 11.0 (Excel): [SBI $8DAB8D88] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\Office\11.0\Excel\Recent Files
MS Office 11.0 (Outlook): [SBI $51367364] Typed search term history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\Office\11.0\Outlook\Office Finder
MS Office 11.0 (Word): [SBI $15AC27CE] Recent file list (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\Office\11.0\Word\Data\Settings
MS Photo Editor: [SBI $4E767FED] Last used directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\Photo Editor\3.0\File Options\Path
MS Photo Editor: [SBI $ADB59025] Recently used file #1 (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\Photo Editor\3.0\Microsoft Photo Editor\LastFile1
MS Photo Editor: [SBI $3DF342BE] Recently used file type #1 (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\Photo Editor\3.0\Microsoft Photo Editor\LastType1
MS Photo Editor: [SBI $2C3EC112] Recently used file #2 (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\Photo Editor\3.0\Microsoft Photo Editor\LastFile2
MS Photo Editor: [SBI $BC781389] Recently used file type #2 (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\Photo Editor\3.0\Microsoft Photo Editor\LastType2
MS Photo Editor: [SBI $5347F1FF] Recently used file #3 (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\Photo Editor\3.0\Microsoft Photo Editor\LastFile3
MS Photo Editor: [SBI $C3012364] Recently used file type #3 (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\Photo Editor\3.0\Microsoft Photo Editor\LastType3
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\WinRAR\ArcHistory
WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2899904355-2156711619-2554512039-1000\Software\WinRAR\General\LastFolder
Cookie: [SBI $49804B54] Browser: Cookie (25) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (16013) (Browser: Cache, nothing done)
Verlauf: [SBI $49804B54] Browser: History (1365) (Browser: History, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (2957) (Browser: Cookie, nothing done)
--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---
This part of the Avira report is probably of interest; what do you think of it?
And why does it say: "Infizierte Dateien in Archiven können nicht repariert werden" ("Infected files in archives cannot be repaired")? Code:
Beginne mit der Suche in 'C:\' <Vista>
[0] Archivtyp: Runtime Packed
--> C:\$RECYCLE.BIN\S-1-5-21-2899904355-2156711619-2554512039-1000\$RJQ5EZV.exe
[1] Archivtyp: Runtime Packed
--> C:\$RECYCLE.BIN\S-1-5-21-2899904355-2156711619-2554512039-1000\$RNS04EO.exe
[2] Archivtyp: Runtime Packed
--> C:\$RECYCLE.BIN\S-1-5-21-2899904355-2156711619-2554512039-1000\$RZN7DGW.exe
[3] Archivtyp: Runtime Packed
--> C:\Program Files\TubeMaster++\jre-6u21-windows-i586-iftw-rv.exe
[4] Archivtyp: Runtime Packed
--> C:\Users\maddin\Downloads\chromeinstall-7u55 (1).exe
[5] Archivtyp: Runtime Packed
--> C:\Users\maddin\Downloads\chromeinstall-7u55.exe
[6] Archivtyp: Runtime Packed
--> C:\Users\maddin\Downloads\GyazoSetup.exe
[7] Archivtyp: Inno Setup
--> {tmp}\Adobe_FlashPlayer.exe
[FUND] Ist das Trojanische Pferd TR/Stoberox.A.25
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\maddin\Downloads\GyazoSetup.exe
[FUND] Ist das Trojanische Pferd TR/Stoberox.A.25
Beginne mit der Suche in 'E:\' <Data>
Beginne mit der Suche in 'I:\' <Elements>
Beginne mit der Desinfektion:
C:\Users\maddin\Downloads\GyazoSetup.exe
[FUND] Ist das Trojanische Pferd TR/Stoberox.A.25
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '567b5f4e.qua' verschoben!
In the meantime I also had Malwarebytes run a scan, though after Avira, so by then the one file was already in quarantine (the other file in the archive could not be repaired, after all): Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.04.23.07
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
maddin :: MADDIN-PC [Administrator]
23.04.2014 20:16:48
MBAM-log-2014-04-24 (07-57-20).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 551582
Laufzeit: 4 Stunde(n), 36 Minute(n), 32 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 2
C:\Users\maddin\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\maddin\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
Infizierte Dateien: 4
C:\Users\maddin\AppData\Local\Temp\ct3288691\chromeid.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\maddin\AppData\Local\Temp\ct3288691\setup.ini.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\maddin\AppData\Local\Temp\ct3297861\chromeid.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\maddin\AppData\Local\Temp\ct3297861\setup.ini.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
(Ende)
And here is Farbar:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-04-2014
Ran by maddin (administrator) on MADDIN-PC on 24-04-2014 08:14:52
Running from C:\Users\maddin\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
( ) C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
() C:\Program Files\Verbindungsassistent\WTGService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(www.bid-o-matic.org) C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [cfFncEnabler.exe] => cfFncEnabler.exe
HKLM\...\Run: [Google EULA Launcher] => c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [20480 2008-05-28] ( )
HKLM\...\Run: [Toshiba TEMPO] => C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [103824 2008-04-24] (Toshiba Europe GmbH)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-06-24] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-05-09] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [574864 2008-01-11] (Toshiba)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1406024 2008-06-10] (Microsoft Corporation)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1089536 2008-02-19] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: D - D:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {0419e93b-ede0-11e2-bbd3-001e336f564f} - D:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {13d1b5c7-f4e3-11e2-8233-001e336f564f} - H:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {13d1b5c9-f4e3-11e2-8233-001e336f564f} - H:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {1fd57838-048c-11e2-bd0f-001e336f564f} - H:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {1fd5783a-048c-11e2-bd0f-001e336f564f} - H:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {3b34c6a4-2e13-11e1-bb53-00216382d78f} - D:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {3b34c6b7-2e13-11e1-bb53-00216382d78f} - D:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {3fbc606e-ebb2-11e2-be55-806e6f6e6963} - D:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {545dd981-d5ff-11e0-b2d0-00216382d78f} - D:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {545dd995-d5ff-11e0-b2d0-00216382d78f} - D:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {5f71d38d-7025-11df-b4b4-00216382d78f} - D:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {5f71d3a0-7025-11df-b4b4-00216382d78f} - D:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {61d441bf-acab-11e0-b298-001e336f564f} - D:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {6cd1a6ab-ced7-11e0-9532-001e336f564f} - I:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {8e24720f-9eef-11e0-a4e6-001e336f564f} - G:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {8e247212-9eef-11e0-a4e6-001e336f564f} - I:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {92c90fca-6d52-11df-b713-001e336f564f} - H:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {92c90fde-6d52-11df-b713-001e336f564f} - I:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {9564e70d-0194-11e3-827b-001e336f564f} - D:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {9564e711-0194-11e3-827b-001e336f564f} - D:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {988d3166-7605-11df-b5bc-00216382d78f} - D:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {988d3179-7605-11df-b5bc-00216382d78f} - D:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {a27744f2-ec50-11e2-81ce-001e336f564f} - D:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {a27744f6-ec50-11e2-81ce-001e336f564f} - D:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {a2a32e80-eca8-11e2-8146-806e6f6e6963} - D:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {abdb6fec-ec9f-11df-bc59-001e336f564f} - G:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {abdb6fef-ec9f-11df-bc59-001e336f564f} - G:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {d8f46404-eb2b-11e2-bc85-00216382d78f} - D:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {e221bb2d-dd4f-11e2-be6f-001e336f564f} - I:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {e221bb41-dd4f-11e2-be6f-001e336f564f} - D:\AutoRun.exe
HKU\S-1-5-21-2899904355-2156711619-2554512039-1000\...\MountPoints2: {f5cec626-eea4-11e2-962a-001e336f564f} - D:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
SearchScopes: HKLM - DefaultScope {4DDF2B0C-FB8C-48B6-A64A-D67F41EAE3ED} URL = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
SearchScopes: HKLM - {4DDF2B0C-FB8C-48B6-A64A-D67F41EAE3ED} URL = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
Toolbar: HKCU - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} hxxp://www.auctiva.com/Aurigma/ImageUploader57.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\maddin\AppData\Roaming\Mozilla\Firefox\Profiles\3ckuqcne.default
FF Homepage: hxxp://my.ebay.de/ws/eBayISAPI.dll?MyEbay&gbh=1&CurrentPage=MyeBayWatching&ssPageName=STRK:ME:LNLK:MEWAX
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Clippings - C:\Users\maddin\AppData\Roaming\Mozilla\Firefox\Profiles\3ckuqcne.default\Extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271} [2014-03-18]
FF Extension: Duplicate This Tab - C:\Users\maddin\AppData\Roaming\Mozilla\Firefox\Profiles\3ckuqcne.default\Extensions\duplicate-this-tab@mozilla.org.xpi [2013-01-11]
FF Extension: Open With - C:\Users\maddin\AppData\Roaming\Mozilla\Firefox\Profiles\3ckuqcne.default\Extensions\openwith@darktrojan.net.xpi [2013-01-11]
FF Extension: Clone Window - C:\Users\maddin\AppData\Roaming\Mozilla\Firefox\Profiles\3ckuqcne.default\Extensions\{ab8568cd-1789-4fc8-a530-218e9eab17e2}.xpi [2013-01-11]
FF Extension: Adblock Plus - C:\Users\maddin\AppData\Roaming\Mozilla\Firefox\Profiles\3ckuqcne.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-11]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll No File
CHR Extension: (AutocompletePro plugin for chrome) - C:\Users\maddin\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk [2012-12-15]
CHR Extension: (Google Wallet) - C:\Users\maddin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM\...\Chrome\Extension: [apmlkonjgeeikpcnejmhnknofkmjkkoi] - C:\ProgramData\SaveByclick\apmlkonjgeeikpcnejmhnknofkmjkkoi.crx [2013-08-21]
CHR HKLM\...\Chrome\Extension: [defdhglnppeioeflggkmglipcecffkhk] - C:\Program Files\AutocompletePro\chrome\autocompleteprochrome.crx [2010-10-06]
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-07-29] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-07-29] (Secunia)
R2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-04-24] (Toshiba Europe GmbH)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2008-02-06] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [290304 2007-12-26] (Realtek Semiconductor Corporation )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-06] (Avira GmbH)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [113664 2009-12-08] (Huawei Technologies Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-24 08:14 - 2014-04-24 08:15 - 00027613 _____ () C:\Users\maddin\Downloads\FRST.txt
2014-04-24 08:14 - 2014-04-24 08:14 - 01048576 _____ (Farbar) C:\Users\maddin\Downloads\FRST.exe
2014-04-24 08:14 - 2014-04-24 08:14 - 00000000 ____D () C:\FRST
2014-04-21 20:44 - 2014-04-21 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-21 20:44 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-21 20:44 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-21 20:44 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-21 20:44 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-21 20:43 - 2014-04-21 20:44 - 00004212 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-21 20:40 - 2014-04-21 20:40 - 00921512 _____ (Oracle Corporation) C:\Users\maddin\Downloads\chromeinstall-7u55.exe
2014-04-21 20:40 - 2014-04-21 20:40 - 00921512 _____ (Oracle Corporation) C:\Users\maddin\Downloads\chromeinstall-7u55 (1).exe
2014-04-11 07:58 - 2014-04-11 07:58 - 00001832 _____ () C:\Users\Public\Desktop\WISO Steuer 2014.lnk
2014-04-11 07:56 - 2014-04-11 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer 2014
2014-04-10 00:40 - 2014-03-08 01:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 00:40 - 2014-03-08 01:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-10 00:40 - 2014-03-08 01:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-10 00:40 - 2014-03-08 01:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-10 00:40 - 2014-03-08 01:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-10 00:40 - 2014-03-08 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-10 00:40 - 2014-03-08 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-10 00:40 - 2014-03-08 00:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-10 00:40 - 2014-03-08 00:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-10 00:40 - 2014-03-08 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-10 00:40 - 2014-03-08 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-10 00:40 - 2014-03-08 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-10 00:40 - 2014-03-08 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-10 00:40 - 2014-03-08 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 00:40 - 2014-03-08 00:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-10 00:40 - 2014-03-08 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 22:22 - 2014-02-06 03:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 20:18 - 2014-04-08 20:18 - 03649328 _____ (Microsoft Corporation) C:\Users\maddin\Downloads\office2003-KB2863822-FullFile-ENU.exe.part
2014-03-31 11:21 - 2014-03-31 11:21 - 00043628 _____ () C:\Users\maddin\Downloads\Cute Argentinian Lupe - xHamster.com.htm
2014-03-31 11:21 - 2014-03-31 11:21 - 00000000 ____D () C:\Users\maddin\Downloads\Cute Argentinian Lupe - xHamster.com_files
==================== One Month Modified Files and Folders =======
2014-04-24 08:15 - 2014-04-24 08:14 - 00027613 _____ () C:\Users\maddin\Downloads\FRST.txt
2014-04-24 08:14 - 2014-04-24 08:14 - 01048576 _____ (Farbar) C:\Users\maddin\Downloads\FRST.exe
2014-04-24 08:14 - 2014-04-24 08:14 - 00000000 ____D () C:\FRST
2014-04-24 08:09 - 2009-07-29 17:52 - 00000000 ____D () C:\Users\maddin\AppData\Roaming\BOM
2014-04-24 07:57 - 2012-03-21 00:40 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-24 07:01 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-24 07:01 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-24 03:00 - 2008-11-20 20:18 - 01445279 _____ () C:\Windows\WindowsUpdate.log
2014-04-23 23:46 - 2009-02-27 19:47 - 05728768 _____ () C:\Users\maddin\Desktop\porschebrillenSICHERUNG.xls
2014-04-23 20:28 - 2008-12-17 23:12 - 00000000 ____D () C:\Users\maddin\Desktop\Porsche
2014-04-23 13:57 - 2012-03-21 00:40 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-23 07:09 - 2008-01-21 09:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-23 07:04 - 2013-10-05 21:09 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-04-23 07:04 - 2009-08-19 12:12 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-04-23 07:01 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-23 00:04 - 2006-11-02 15:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-21 20:45 - 2013-10-17 00:19 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-21 20:44 - 2014-04-21 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-21 20:44 - 2014-04-21 20:43 - 00004212 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-21 20:44 - 2008-08-11 15:37 - 00000000 ____D () C:\Program Files\Java
2014-04-21 20:40 - 2014-04-21 20:40 - 00921512 _____ (Oracle Corporation) C:\Users\maddin\Downloads\chromeinstall-7u55.exe
2014-04-21 20:40 - 2014-04-21 20:40 - 00921512 _____ (Oracle Corporation) C:\Users\maddin\Downloads\chromeinstall-7u55 (1).exe
2014-04-16 00:34 - 2013-10-05 21:09 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-04-14 20:13 - 2014-04-21 20:44 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-14 20:05 - 2014-04-21 20:44 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-14 20:05 - 2014-04-21 20:44 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-14 20:04 - 2014-04-21 20:44 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-11 08:04 - 2012-04-04 22:39 - 00000000 ____D () C:\Users\maddin\Documents\Steuer
2014-04-11 08:03 - 2012-03-19 09:26 - 00000786 _____ () C:\Windows\wiso.ini
2014-04-11 07:58 - 2014-04-11 07:58 - 00001832 _____ () C:\Users\Public\Desktop\WISO Steuer 2014.lnk
2014-04-11 07:58 - 2012-03-19 09:26 - 00000000 ____D () C:\Users\maddin\AppData\Local\Buhl
2014-04-11 07:56 - 2014-04-11 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer 2014
2014-04-11 07:53 - 2012-03-19 09:22 - 00000000 ____D () C:\Program Files\WISO
2014-04-11 07:53 - 2008-08-11 15:48 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-11 00:07 - 2012-12-15 12:35 - 00001928 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-10 21:25 - 2013-08-10 22:22 - 00000000 ____D () C:\Users\maddin\AppData\Local\Paint.NET
2014-04-10 16:01 - 2010-08-27 23:12 - 00000000 ____D () C:\Users\maddin\Desktop\Hausbau
2014-04-10 07:57 - 2013-01-10 08:25 - 00074372 _____ () C:\Windows\PFRO.log
2014-04-10 00:42 - 2006-11-02 12:23 - 00000240 _____ () C:\Windows\win.ini
2014-04-10 00:40 - 2013-07-21 01:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 00:37 - 2006-11-02 12:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-08 20:18 - 2014-04-08 20:18 - 03649328 _____ (Microsoft Corporation) C:\Users\maddin\Downloads\office2003-KB2863822-FullFile-ENU.exe.part
2014-04-08 12:13 - 2014-02-27 11:33 - 00000000 ____D () C:\Users\maddin\Desktop\UrlaubStornierung
2014-03-31 20:34 - 2008-11-20 23:02 - 00099328 _____ () C:\Users\maddin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-31 11:21 - 2014-03-31 11:21 - 00043628 _____ () C:\Users\maddin\Downloads\Cute Argentinian Lupe - xHamster.com.htm
2014-03-31 11:21 - 2014-03-31 11:21 - 00000000 ____D () C:\Users\maddin\Downloads\Cute Argentinian Lupe - xHamster.com_files
2014-03-31 09:35 - 2009-10-03 05:56 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-27 16:14 - 2009-02-02 16:05 - 00000000 ____D () C:\Users\maddin\Schriftwechsel
Some content of TEMP:
====================
C:\Users\maddin\AppData\Local\Temp\avgnt.exe
C:\Users\maddin\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\maddin\AppData\Local\Temp\DivXSetup.exe
C:\Users\maddin\AppData\Local\Temp\ResetDevice.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-24 07:30
==================== End Of Log ============================
--- --- ---
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-04-2014
Ran by maddin at 2014-04-24 08:15:52
Running from C:\Users\maddin\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutocompletePro (HKLM\...\AutocompletePro3_is1) (Version: - ) <==== ATTENTION
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Biet-O-Matic v2.12.0 (HKLM\...\Biet-O-Matic v2.12.0) (Version: Biet-O-Matic v2.12.0 - BOM Development Team)
Brother MFL-Pro Suite MFC-250C (HKLM\...\{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}) (Version: 1.1.8.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - TOSHIBA)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dir-It! (HKLM\...\{602A58C3-BDF2-4B8A-B9D3-B6D9BACA386A}) (Version: 4.00.0000 - Wirth New Media Sarl)
Discountsurfer (HKCU\...\ONLINE FUCHS) (Version: 5.0.4 - TelTarif)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.84 - DivX, LLC)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
FastStone Capture 5.3 (HKLM\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
FLV Player 2.0 (build 25) (HKLM\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
Free M4a to MP3 Converter 6.0 (HKLM\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Garmin City Navigator Europe NT 2010 Update (HKLM\...\{C07B86C3-1816-4C59-927E-0287925DFB96}) (Version: 13.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}) (Version: 2.8.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{B1102A25-3AA3-446B-AA0F-A699B07A02FD}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Gyazo 1.0 (HKLM\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Toshiyuki Masui)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 6.3 (HKLM\...\{66A9D30D-1464-4C7F-B2F3-507DADAF2595}) (Version: 6.30.191.0 - Microsoft)
Microsoft Office Basic Edition 2003 (HKLM\...\{91130407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office XP Small Business (HKLM\...\{91130407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
myphotobook 3.6 (HKLM\...\myphotobook) (Version: 3.6 - myphotobook)
Nvu 1.0 (HKLM\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz)
Orbit Downloader (HKLM\...\Orbit_is1) (Version: - www.orbitdownloader.com)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PC Inspector File Recovery (HKLM\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.1 - pdfforge)
PhotoFiltre 7 (HKCU\...\PhotoFiltre 7) (Version: - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)
REALTEK RTL8187B Wireless LAN Driver (HKLM\...\{895722FE-25FE-4854-95AC-B0C42F9DBEDA}) (Version: Package:1.00.0026 Driver:6.1116.1226.2007 - )
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
Realtek WiFi Protected Setup Library (HKLM\...\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}) (Version: Package:1.00.0026 - REALTEK Semiconductor Corp.)
ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Secunia PSI (2.0.0.4002) (HKLM\...\Secunia PSI) (Version: - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
Surf & E-Mail-Stick (HKLM\...\Surf & E-Mail-Stick) (Version: 16.001.06.02.35 - Huawei Technologies Co.,Ltd)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.08 - TOSHIBA)
TOSHIBA Benutzerhandbücher (HKLM\...\{1C971EE3-B4C4-4367-9676-57549919C6CE}) (Version: 7.40 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.20 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.31.14 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - Toshiba) Hidden
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.08 - )
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.04 - )
Toshiba TEMPRO (HKLM\...\{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}) (Version: 1.1 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.24 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.1.24 - TOSHIBA Corporation) Hidden
TRDCReminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0015 - TOSHIBA)
TRDCReminder (Version: 1.00.0015 - TOSHIBA) Hidden
TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.1 - TOSHIBA)
TRORDCLauncher (Version: 1.0.0.1 - TOSHIBA) Hidden
TubeMaster++ Version 1.9 (HKLM\...\{AA4D4EE3-0195-49F6-B0BF-C2789FD9C582}_is1) (Version: 1.9 - GgSofts)
Uniblue RegistryBooster 2010 (HKLM\...\{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1) (Version: - Uniblue Systems Ltd)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Verbindungsassistent (HKLM\...\Verbindungsassistent) (Version: 2.1 - Verbindungsassistent)
Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0 - Microsoft Corporation) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) (HKLM\...\45A7283175C62FAC673F913C1F532C5361F97841) (Version: 03/08/2007 2.2.1.0 - Garmin)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) Hidden
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
WISO Steuer 2012 (HKLM\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.00.7303 - Buhl Data Service GmbH)
WISO Steuer 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer 2014 (HKLM\...\{9BBA05EC-7EC9-41C2-85F5-644F599AE454}) (Version: 21.00.8480 - Buhl Data Service GmbH)
==================== Restore Points =========================
21-04-2014 18:42:11 Installed Java 7 Update 55
22-04-2014 05:44:51 Windows Update
23-04-2014 07:13:28 Geplanter Prüfpunkt
23-04-2014 23:50:00 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2006-11-02 12:23 - 2006-09-18 23:41 - 00000736 ____A C:\Windows\system32\Drivers\etc\hosts
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0CF1AAB5-7770-46DF-B2E5-6AD15F3656E4} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2008-06-10] (Microsoft Corporation)
Task: {161E56B0-B70B-4A18-AE60-CE5D37752E30} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2C439BCA-C171-4F7B-B37E-24367FF7E93D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-21] (Google Inc.)
Task: {2CD0A3AC-B38F-4885-B5FE-CE50FFC25BB8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-21] (Google Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3E6E99B9-C6EB-4AF9-9F54-4B3FB9FE1DDD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4F1C1B42-86FC-41DA-94E7-0E627C6EAC41} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {934B7930-4EFD-440B-BFD7-2DF0DC6BF705} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {AA1383BF-F663-4224-8409-EEE6847AD3E1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {B79F5C99-7D2D-435D-A4DF-15453DC81C4C} - System32\Tasks\{20A5F546-D6E5-47FD-951F-EB60E7EB0787} => C:\Program Files\Skype\Phone\Skype.exe
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FCED9E68-149E-4CBF-8EF4-53E54767BD51} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
==================== Loaded Modules (whitelisted) =============
2010-06-02 01:00 - 2001-10-28 18:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-08-06 10:42 - 2013-08-06 09:50 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2010-03-31 21:13 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2013-10-05 21:08 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-10-05 21:08 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-10-05 21:08 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-10-05 21:08 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2013-10-05 21:08 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2008-03-06 11:14 - 2008-03-06 11:14 - 05121912 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2007-12-14 22:40 - 2007-12-14 22:40 - 00090112 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2008-08-11 16:03 - 2006-10-10 11:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2007-12-25 13:03 - 2007-12-25 13:03 - 00015184 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 12:57 - 2006-10-07 12:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 18:55 - 2006-12-01 18:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2013-08-29 02:23 - 2013-08-29 02:23 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-08-29 02:25 - 2013-08-29 02:25 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2013-06-25 21:18 - 2009-03-03 12:45 - 00296400 ____N () C:\Program Files\Verbindungsassistent\WTGService.exe
2014-02-15 11:11 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2003-07-11 02:09 - 2003-07-11 02:09 - 00048192 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll
2009-08-05 10:45 - 2009-08-05 10:45 - 00106312 _____ () C:\Program Files\Microsoft Office\OFFICE11\OUTLCTL.DLL
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/24/2014 00:03:06 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <MAPI://{S-1-5-21-2899904355-2156711619-2554512039-1000}/PERSÖNLICHE ORDNER($2CB1EF00)/X/POSTAUSGANG/가가가가갃곌걊겆갽겒걿걀겖갨겯갇걙곴갾갨겤갅공가> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (04/24/2014 00:03:06 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <MAPI://{S-1-5-21-2899904355-2156711619-2554512039-1000}/PERSÖNLICHE ORDNER($2CB1EF00)/X/POSTAUSGANG/가가가가갃곌걊겆갽겒걿걀겖갨겯갇걙곴갾갨겤갅공가> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (04/23/2014 09:14:01 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <MAPI://{S-1-5-21-2899904355-2156711619-2554512039-1000}/PERSÖNLICHE ORDNER($2CB1EF00)/X/POSTAUSGANG/가가가가갃곌걊겆갽겒걿걀겖갨겯갇걙곴갾갨계갂공가> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (04/23/2014 09:14:01 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <MAPI://{S-1-5-21-2899904355-2156711619-2554512039-1000}/PERSÖNLICHE ORDNER($2CB1EF00)/X/POSTAUSGANG/가가가가갃곌걊겆갽겒걿걀겖갨겯갇걙곴갾갨계갂공가> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (04/23/2014 09:03:55 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <MAPI://{S-1-5-21-2899904355-2156711619-2554512039-1000}/PERSÖNLICHE ORDNER($2CB1EF00)/X/POSTAUSGANG/가가가가갃곌걊겆갽겒걿걀겖갨겯갇걙곴갾갨겄갂공가> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (04/23/2014 09:03:55 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <MAPI://{S-1-5-21-2899904355-2156711619-2554512039-1000}/PERSÖNLICHE ORDNER($2CB1EF00)/X/POSTAUSGANG/가가가가갃곌걊겆갽겒걿걀겖갨겯갇걙곴갾갨겄갂공가> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (04/23/2014 09:03:52 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <MAPI://{S-1-5-21-2899904355-2156711619-2554512039-1000}/PERSÖNLICHE ORDNER($2CB1EF00)/X/POSTAUSGANG/가가가가갃곌걊겆갽겒걿걀겖갨겯갇걙곴갾갨걤갂공가> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (04/23/2014 09:03:52 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <MAPI://{S-1-5-21-2899904355-2156711619-2554512039-1000}/PERSÖNLICHE ORDNER($2CB1EF00)/X/POSTAUSGANG/가가가가갃곌걊겆갽겒걿걀겖갨겯갇걙곴갾갨걤갂공가> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (04/23/2014 09:41:52 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <MAPI://{S-1-5-21-2899904355-2156711619-2554512039-1000}/PERSÖNLICHE ORDNER($2CB1EF00)/X/POSTAUSGANG/가가가가갃곌걊겆갽겒걿걀겖갨겯갇걙곴갾갨갤곹곴가> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (04/23/2014 09:41:52 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <MAPI://{S-1-5-21-2899904355-2156711619-2554512039-1000}/PERSÖNLICHE ORDNER($2CB1EF00)/X/POSTAUSGANG/가가가가갃곌걊겆갽겒걿걀겖갨겯갇걙곴갾갨갤곹곴가> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
System errors:
=============
Error: (04/23/2014 11:42:46 PM) (Source: disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR4.
Error: (04/23/2014 07:04:48 AM) (Source: ipnathlp) (User: )
Description: Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.100 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
Error: (04/23/2014 07:04:48 AM) (Source: ipnathlp) (User: )
Description: ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
Error: (04/22/2014 04:32:26 PM) (Source: disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.
Error: (04/22/2014 08:17:13 AM) (Source: Service Control Manager) (User: )
Description: Google Update-Dienst (gupdate)%%1053
Error: (04/22/2014 08:17:13 AM) (Source: Service Control Manager) (User: )
Description: 30000Google Update-Dienst (gupdate)
Error: (04/22/2014 08:14:37 AM) (Source: ipnathlp) (User: )
Description: Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.100 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
Error: (04/22/2014 08:14:37 AM) (Source: ipnathlp) (User: )
Description: ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
Error: (04/22/2014 08:11:23 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 22.04.2014 um 08:08:03 unerwartet heruntergefahren.
Error: (04/22/2014 07:37:44 AM) (Source: ipnathlp) (User: )
Description: Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.100 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
Microsoft Office Sessions:
=========================
Error: (04/24/2014 00:03:06 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
MAPI://{S-1-5-21-2899904355-2156711619-2554512039-1000}/PERSÖNLICHE ORDNER($2CB1EF00)/X/POSTAUSGANG/가가가가갃곌걊겆갽겒걿걀겖갨겯갇걙곴갾갨겤갅공가
Error: (04/24/2014 00:03:06 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
MAPI://{S-1-5-21-2899904355-2156711619-2554512039-1000}/PERSÖNLICHE ORDNER($2CB1EF00)/X/POSTAUSGANG/가가가가갃곌걊겆갽겒걿걀겖갨겯갇걙곴갾갨겤갅공가
Error: (04/23/2014 09:14:01 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
MAPI://{S-1-5-21-2899904355-2156711619-2554512039-1000}/PERSÖNLICHE ORDNER($2CB1EF00)/X/POSTAUSGANG/가가가가갃곌걊겆갽겒걿걀겖갨겯갇걙곴갾갨계갂공가
Error: (04/23/2014 09:14:01 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
MAPI://{S-1-5-21-2899904355-2156711619-2554512039-1000}/PERSÖNLICHE ORDNER($2CB1EF00)/X/POSTAUSGANG/가가가가갃곌걊겆갽겒걿걀겖갨겯갇걙곴갾갨계갂공가
Error: (04/23/2014 09:03:55 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
MAPI://{S-1-5-21-2899904355-2156711619-2554512039-1000}/PERSÖNLICHE ORDNER($2CB1EF00)/X/POSTAUSGANG/가가가가갃곌걊겆갽겒걿걀겖갨겯갇걙곴갾갨겄갂공가
Error: (04/23/2014 09:03:55 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
MAPI://{S-1-5-21-2899904355-2156711619-2554512039-1000}/PERSÖNLICHE ORDNER($2CB1EF00)/X/POSTAUSGANG/가가가가갃곌걊겆갽겒걿걀겖갨겯갇걙곴갾갨겄갂공가
Error: (04/23/2014 09:03:52 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
MAPI://{S-1-5-21-2899904355-2156711619-2554512039-1000}/PERSÖNLICHE ORDNER($2CB1EF00)/X/POSTAUSGANG/가가가가갃곌걊겆갽겒걿걀겖갨겯갇걙곴갾갨걤갂공가
Error: (04/23/2014 09:03:52 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
MAPI://{S-1-5-21-2899904355-2156711619-2554512039-1000}/PERSÖNLICHE ORDNER($2CB1EF00)/X/POSTAUSGANG/가가가가갃곌걊겆갽겒걿걀겖갨겯갇걙곴갾갨걤갂공가
Error: (04/23/2014 09:41:52 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
MAPI://{S-1-5-21-2899904355-2156711619-2554512039-1000}/PERSÖNLICHE ORDNER($2CB1EF00)/X/POSTAUSGANG/가가가가갃곌걊겆갽겒걿걀겖갨겯갇걙곴갾갨갤곹곴가
Error: (04/23/2014 09:41:52 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
MAPI://{S-1-5-21-2899904355-2156711619-2554512039-1000}/PERSÖNLICHE ORDNER($2CB1EF00)/X/POSTAUSGANG/가가가가갃곌걊겆갽겒걿걀겖갨겯갇걙곴갾갨갤곹곴가
CodeIntegrity Errors:
===================================
Date: 2014-04-24 00:12:45.040
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-24 00:12:42.918
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-24 00:12:40.812
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-24 00:12:38.690
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-24 00:12:36.444
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-24 00:12:34.120
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-24 00:08:48.200
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-24 00:08:46.079
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-24 00:08:43.879
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-24 00:08:41.742
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 57%
Total physical RAM: 2939.26 MB
Available physical RAM: 1239.18 MB
Total Pagefile: 6108.8 MB
Available Pagefile: 3903.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1887.34 MB
==================== Drives ================================
Drive c: (Vista) (Fixed) (Total:116.29 GB) (Free:28.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:115.13 GB) (Free:84.85 GB) NTFS
Drive i: (Elements) (Fixed) (Total:298.09 GB) (Free:235.76 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 5855FAD5)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=115 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 000C0692)
Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
==================== End Of Log ============================ |