
Pests of all kinds and how to combat them: Windows Update disables itself after restart / Internet sporadically unreachable / Java exploits


 
12.04.2013, 00:42   #1
Glam
 



Hello, dear Trojaner-Board,

how quickly two years go by … this time I have a few problems:

1. Windows Update disables itself. I first noticed this a few days ago and also found that nothing had been updated for a month, so I caught up on that manually. Since yesterday I can no longer update anything through Windows Update; virus definitions only directly through MSE.

2. At some point during the day, the Internet stops working. For about 20 to 30 minutes. Windows diagnostics only reports that no connection to www.microsoft.com can be established, but that everything is configured properly.

3. Yesterday I received a dubious threatening e-mail (clearly a scam). That prompted me to run a virus check. MSE found two Java exploits, which I then removed. One exploit from 2012 and one from 2013, of which CVE-2012-1723 is also mentioned in the neighbouring thread.

Antonio

Attached here are the required log files:

Defogger:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:44 on 12/04/2013 (Anwender)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
OTL

Code:
OTL logfile created on: 12.04.2013 00:59:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Anwender\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 56,25% Memory free
3,93 Gb Paging File | 2,73 Gb Available in Paging File | 69,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 325,04 Gb Free Space | 69,80% Space Free | Partition Type: NTFS
 
Computer Name: FUTURES | User Name: Anwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.12 00:45:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anwender\Downloads\OTL.exe
PRC - [2013.03.26 03:31:57 | 003,497,552 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.26 03:32:02 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Origin\tufao.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.12 00:53:35 | 000,115,608 | ---- | M] (Mozilla Foundation) [Auto | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.12 22:16:17 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.17 16:25:28 | 000,580,648 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.10.08 20:52:52 | 000,031,968 | -H-- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.02 12:23:05 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.13 12:05:50 | 010,629,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.08.21 01:45:22 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.27 15:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2012.11.13 22:53:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2011.06.02 12:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 70 0E 3B C1 C0 CD 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {8BF0409F-3F37-4D7F-9403-9B7FAAE69AE7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{8BF0409F-3F37-4D7F-9403-9B7FAAE69AE7}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7Bc151d79e-e61b-4a90-a887-5a46d38fba99%7D:2.8
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0
FF - prefs.js..extensions.enabledAddons: stefanvandamme%40stefanvd.net:2.1.0.23
FF - prefs.js..extensions.enabledAddons: %7B99e34760-2754-11e0-91fa-0800200c9a66%7D:5.5
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Anwender\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Anwender\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.09 11:46:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 00:53:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 00:53:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.02 16:14:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.02 16:14:16 | 000,000,000 | ---D | M]
 
[2012.08.14 19:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Extensions
[2013.04.11 00:32:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\9rz8xp09.default\extensions
[2013.02.21 02:35:03 | 000,000,000 | ---D | M] (FT GraphiteGlow) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\9rz8xp09.default\extensions\{99e34760-2754-11e0-91fa-0800200c9a66}
[2012.11.01 02:55:21 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\9rz8xp09.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.04.02 11:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\ynmmgqpj.23\extensions
[2013.02.25 21:16:51 | 000,000,000 | ---D | M] (FT GraphiteGlow) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\ynmmgqpj.23\extensions\{99e34760-2754-11e0-91fa-0800200c9a66}
[2012.11.24 14:45:05 | 000,269,905 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\9rz8xp09.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.11.21 18:27:01 | 000,112,944 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\9rz8xp09.default\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi
[2012.11.24 14:44:53 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\9rz8xp09.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.01 06:07:17 | 000,269,905 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\ynmmgqpj.23\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2013.04.02 11:27:23 | 000,112,944 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\ynmmgqpj.23\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi
[2013.02.25 21:59:13 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\ynmmgqpj.23\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.12 00:53:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.09 11:46:48 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9RZ8XP09.DEFAULT\EXTENSIONS\STEFANVANDAMME@STEFANVD.NET.XPI
File not found (No name found) -- C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9RZ8XP09.DEFAULT\EXTENSIONS\YOUTUBEUNBLOCKER@UNBLOCKER.YT.XPI
[2013.04.12 00:53:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.13 02:38:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.13 02:38:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.13 02:38:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.13 02:38:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.13 02:38:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.13 02:38:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Anwender\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Anwender\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Anwender\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Anwender\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\
CHR - Extension: Turn Off the Lights = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.35_0\
CHR - Extension: Audiotool = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk\1.1_0\
CHR - Extension: YouTube = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Stylish = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.1_0\
CHR - Extension: AdBlock = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Futhead FIFA Ultimate Team Search = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpobadmlgbdpiiegjfaoimffjngaminj\1.1.2_0\
CHR - Extension: Northern Lights = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbnkklencjcmkepldaineciclcheaoef\1.1_0\
CHR - Extension: Google Mail = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [AviraSpeedup] C:\Program Files (x86)\Avira\AviraSpeedup\AviraSpeedup.exe (Avira)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: vizzed.com ([www] * in Vertrauenswürdige Sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B54AD02-1AD6-449E-B711-CB3A63C346C9}: DhcpNameServer = 192.168.0.1 192.168.0.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (expstart.exe) - C:\Windows\expstart.exe ()
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c745d19c-b2ab-11e0-9462-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c745d19c-b2ab-11e0-9462-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.12 00:53:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.11 23:41:08 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Local\AviraSpeedup
[2013.04.11 23:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
[2013.04.11 23:40:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.04.11 23:35:09 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013.04.11 21:05:41 | 002,118,144 | ---- | C] (Geek Uninstaller Software) -- C:\Users\Anwender\Desktop\geek.exe
[2013.04.06 10:56:36 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\FileZilla
[2013.04.02 17:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2013.03.27 17:37:28 | 000,000,000 | ---D | C] -- C:\Users\Anwender\cityguide
[2013.03.18 06:41:57 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FIFA 13 CAREER MODE EDITOR V. 1.0 BY DOCTOR+ PRODUCTIONS
[2013.03.18 06:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 13
[2013.03.14 01:37:16 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\.mono
[2013.03.14 01:37:16 | 000,000,000 | ---D | C] -- C:\ProgramData\.mono
[2013.03.14 01:34:21 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\Pokémon Trading Card Game Online
[2013.03.13 02:18:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BSW
[2013.03.13 02:18:14 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\BSW
[2012.12.18 07:56:02 | 000,364,424 | ---- | C] (Bitsum Technologies) -- C:\Users\Anwender\AppData\Roaming\ProcessLassopl_rsrc_temp.dll
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Anwender\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Anwender\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Anwender\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Anwender\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.12 00:43:49 | 000,000,000 | ---- | M] () -- C:\Users\Anwender\defogger_reenable
[2013.04.12 00:30:04 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1636361627-3063246627-1062591212-1001UA.job
[2013.04.12 00:16:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.11 23:41:08 | 000,001,167 | ---- | M] () -- C:\Users\Anwender\Desktop\Avira System Speedup.lnk
[2013.04.11 23:30:46 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1636361627-3063246627-1062591212-1001Core.job
[2013.04.11 23:23:28 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.11 20:49:14 | 000,925,184 | ---- | M] () -- C:\Windows\expstart.exe
[2013.04.11 20:47:15 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 20:47:15 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 20:44:33 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.11 20:44:33 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.11 20:44:33 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.11 20:44:33 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.11 20:44:33 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.11 20:39:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.11 20:39:53 | 1583,177,728 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.11 06:31:57 | 000,002,345 | ---- | M] () -- C:\Users\Anwender\Desktop\Google Chrome.lnk
[2013.04.11 01:02:31 | 000,359,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.09 12:45:43 | 002,118,144 | ---- | M] (Geek Uninstaller Software) -- C:\Users\Anwender\Desktop\geek.exe
[2013.04.08 16:39:03 | 000,001,063 | ---- | M] () -- C:\Users\Anwender\Desktop\Notepad++.lnk
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.02 12:45:58 | 000,001,105 | ---- | M] () -- C:\Users\Anwender\Desktop\ColorMania.lnk
[2013.03.18 06:41:57 | 000,002,230 | ---- | M] () -- C:\Users\Anwender\Desktop\FIFA 13 CAREER MODE EDITOR 1.0 by Doctor+.lnk
[2013.03.18 06:39:20 | 000,001,250 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 13.lnk
[2013.03.15 22:35:13 | 001,590,370 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.15 21:42:15 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
 
========== Files Created - No Company Name ==========
 
[2013.04.12 00:43:02 | 000,000,000 | ---- | C] () -- C:\Users\Anwender\defogger_reenable
[2013.04.11 23:41:08 | 000,001,167 | ---- | C] () -- C:\Users\Anwender\Desktop\Avira System Speedup.lnk
[2013.04.08 18:45:23 | 002,987,168 | ---- | C] () -- C:\Users\Anwender\Desktop\Squads 20121206102542#Squads 1
[2013.03.18 06:41:57 | 000,002,230 | ---- | C] () -- C:\Users\Anwender\Desktop\FIFA 13 CAREER MODE EDITOR 1.0 by Doctor+.lnk
[2013.03.18 06:39:20 | 000,001,250 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 13.lnk
[2012.12.05 20:23:38 | 000,065,536 | -H-- | C] () -- C:\Windows\SysWow64\WebCamLib.dll
[2012.09.09 23:53:08 | 000,002,677 | ---- | C] () -- C:\Users\Anwender\AppData\Local\recently-used.xbel
[2012.09.09 21:42:27 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2012.06.02 17:37:22 | 000,000,106 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012.03.18 13:46:38 | 000,007,598 | ---- | C] () -- C:\Users\Anwender\AppData\Local\Resmon.ResmonCfg
[2011.10.19 18:48:08 | 000,001,600 | ---- | C] () -- C:\Users\Anwender\AppData\Local\RecConfig.xml
[2011.07.20 10:51:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.07.20 10:51:51 | 000,022,587 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Anwender\AppData\Local\lame_enc.dll
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Anwender\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Anwender\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Anwender\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Anwender\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Anwender\AppData\Local\no23xwrapper.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.14 01:37:16 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\.mono
[2012.12.05 20:23:38 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Apowersoft
[2013.03.18 09:16:48 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\BSW
[2012.11.17 13:37:52 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Dropbox
[2012.09.17 07:51:47 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Electronic Arts
[2013.04.07 05:35:58 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\FileZilla
[2012.09.14 08:51:37 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Foxit Software
[2012.06.10 08:14:44 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Geek Uninstaller
[2011.10.20 19:30:23 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\mp3DirectCut
[2013.04.11 22:49:02 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\MusicBee
[2012.10.19 03:28:58 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Need for Speed World
[2013.04.08 16:39:03 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Notepad++
[2011.10.07 07:49:17 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\OCS
[2012.09.08 07:55:18 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\OpenOffice.org
[2012.12.01 02:16:28 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Origin
[2013.03.14 01:34:21 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Pokémon Trading Card Game Online
[2012.12.10 03:24:05 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Steganos
[2012.09.07 19:42:35 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\SumatraPDF
[2011.09.29 00:48:39 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Thunderbird
[2013.04.11 01:07:04 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\uTorrent
[2013.04.11 20:38:54 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Wise Care 365
[2013.02.01 01:25:09 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Wise Game Booster
 
========== Purity Check ==========
 
 

< End of report >
         
OTL Extras

Code:
OTL Extras logfile created on: 12.04.2013 00:59:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Anwender\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 56,25% Memory free
3,93 Gb Paging File | 2,73 Gb Available in Paging File | 69,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 325,04 Gb Free Space | 69,80% Space Free | Partition Type: NTFS
 
Computer Name: FUTURES | User Name: Anwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{151BFAE9-7338-4FF5-ACC7-F53E171E547B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{17F0B222-9AE7-447C-BE3A-3F82CC4BD33A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{18EA56CF-5DD3-4481-92E1-9545E1B3620B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{24E83A96-EE3F-4CAC-81A3-384BE50998E9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{30FCB2FB-C446-4C7A-ACB7-77A91C9036E6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4EC63EAF-1445-4487-BA58-495B7A6C91F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5EB44455-F92C-4A93-83FF-43AF08B7F69D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{61645462-82A0-476B-954C-7433599D6195}" = lport=445 | protocol=6 | dir=in | app=system | 
"{74652655-4128-4695-8DBD-2E82F309BA67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7F12D987-3E40-4E85-B89A-989FBD1AC10E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{84A22CF3-C915-4452-934B-F1D731623908}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{863CD106-5979-4542-AB42-4E9AD76E9127}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8C0E1928-F2F6-4D9D-BC09-94EFE1848BDB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8D450547-DF46-49EA-8521-ECE90EC8A45D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{94C86489-0E7B-4454-8760-5C5F487AEC47}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AC897D03-A5F4-483D-82D0-7E94477B677F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{ACEB5E87-14DD-4AEF-8C09-41F03AB8DD7C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AD75323E-461D-4226-BC0C-415E58B6A4B4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{ADD1C1A4-4EB9-45D7-9730-F89BED03B242}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D53E1702-03CD-401D-BFA5-3F6A92D29525}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{DB6E29BF-397E-4DD8-B720-34BD3B8D02F4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F6AC944B-B14A-4534-85B5-33F0AF7FE146}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04D4025A-F0B8-4355-B9A5-A9A626E06932}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | 
"{19302FB8-77FC-471E-B21A-98740D7CCB0B}" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"{24F87131-2E4F-4B2F-A8E0-63BED3382262}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | 
"{26BFA46A-55F4-44F2-B2C6-EA4B414DEE30}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{27E6445C-73DE-4B28-B7B6-B1EE32CECA6E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{313B270E-6C68-4573-B526-399B77483A87}" = protocol=58 | dir=in | app=system | 
"{40CD2539-9B33-4356-A304-E988DC15D6A9}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{45592A79-0A1D-4D4C-A172-3B8839B1E537}" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"{4B48FC9A-74F3-4253-B36D-A2AB21302825}" = protocol=17 | dir=in | app=c:\users\anwender\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4DA5D1DF-B722-4126-B504-4B3FE784DA68}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"{52644687-2A2A-4E3D-8FE5-1B1423353D65}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{577787B7-38DA-48CA-B18E-ED50BCF080A9}" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"{5F8C0E19-F27B-4E60-B7ED-70DBE1F7B13F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{621AB6D7-3468-4A46-B7F9-7090F02113D9}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{6E11377E-BF73-45C4-8A4A-E13A042928C3}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"{7E9C6EF1-E1EC-4397-A429-EA819B5AA5BA}" = protocol=17 | dir=in | app=c:\users\anwender\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8418B646-88B0-49A5-9254-21B17DEEAF00}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{8BFE3C3A-809A-4FB4-AAA6-B804C1E064B7}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\need for speed world\gamelauncher.exe | 
"{8CFFB4C0-F5C6-4A53-9667-324701B51C8E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{B16DAFE7-0AAA-4E1E-B305-B263E812C882}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{B2A1445A-B990-4606-B9ED-6FA3A974B84D}" = dir=in | app=c:\program files (x86)\apowersoft\screen recording suite\screen-recording-suite.exe | 
"{BA9CCFEF-A49C-4121-B8CB-867A17EFE1FA}" = dir=in | app=c:\users\anwender\appdata\local\microsoft\skydrive\skydrive.exe | 
"{BE5B0486-2379-4C26-8D61-1C9FB7694AEE}" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"{C520E0D0-0E07-43D7-9A0E-9D8C33E165B5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C7661CE0-DFF1-4C00-8AC6-C4B09446791B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D5F58EF8-ADF4-4387-9023-154F4D55E89E}" = protocol=6 | dir=in | app=c:\users\anwender\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D8702464-CFAF-4F51-B430-9EA940D81E68}" = dir=in | app=c:\program files (x86)\apowersoft\screen recording suite\screenrecordingsuite.exe | 
"{DB3CC916-68B4-430B-AEB9-CA1619E66C96}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\need for speed world\gamelauncher.exe | 
"{F17E5882-2371-4ECF-A8E3-2ECC79E89D7B}" = protocol=6 | dir=in | app=c:\users\anwender\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F5B05575-D03C-46EE-9CC7-178E6FE0D843}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{227D9A52-8B07-4105-9022-4DED088400E8}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{2530AB4C-4C5D-46FC-AF6C-2CB5820A7E8A}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{A48F3A59-1454-479F-BA1E-8E23D7E592A9}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{E7155A27-F44F-427A-895A-4F4642E93CF1}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{0E770CD9-AD98-44AE-9677-C46BCC4C1435}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{8582C45F-8D85-44B0-95C4-B4DAAC1153A5}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{9B818C52-93E0-49D8-AAF6-B46EC9402D8E}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{A8B0DE73-6F5E-4E53-8CD3-01366231BEF9}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{BD198331-FF8A-4DEB-9F30-A0AC56625A3B}" = Microsoft LifeChat
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"camcodec" = CamStudio Lossless Codec
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Recuva" = Recuva
"Speccy" = Speccy
"VLC media player" = VLC media player 2.0.4
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}" = Need For Speed™ World
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}" = Razer Game Booster
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A8CC1D58-532C-4AAE-9A22-69FEA8CFCCA4}" = MusicBee
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.13
"{EB9F3F92-4857-4121-AA6F-1C424AC6C266}_is1" = Screen Recording Suite V2.5.0
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AviraSpeedup" = Avira System Speedup
"BrettspielWelt" = BrettspielWelt
"ColorMania_is1" = ColorMania 4.0
"DivX Setup" = DivX-Setup
"FormatFactory" = FormatFactory 3.0.1
"Fraps" = Fraps
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Origin" = Origin
"SopCast" = SopCast 3.5.0
"SumatraPDF" = SumatraPDF
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"Wise Game Booster_is1" = Wise Game Booster 1.09
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"FIFA 13 CAREER MODE EDITOR V. 1.0 BY DOCTOR+ PRODUCTIONS" = FIFA 13 CAREER MODE EDITOR V. 1.0 BY DOCTOR+ PRODUCTIONS
"FIFA13 SPECIAL FAST START BY DOCTOR+ PRODUCTIONS" = FIFA13 SPECIAL FAST START BY DOCTOR+ PRODUCTIONS
"Google Chrome" = Google Chrome
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.03.2013 16:47:21 | Computer Name = Futures | Source = RasClient | ID = 20227
Description = 
 
Error - 08.03.2013 16:47:26 | Computer Name = Futures | Source = RasClient | ID = 20227
Description = 
 
Error - 08.03.2013 16:47:28 | Computer Name = Futures | Source = RasClient | ID = 20227
Description = 
 
Error - 08.03.2013 16:47:30 | Computer Name = Futures | Source = RasClient | ID = 20227
Description = 
 
Error - 08.03.2013 16:47:44 | Computer Name = Futures | Source = RasClient | ID = 20227
Description = 
 
Error - 08.03.2013 16:47:45 | Computer Name = Futures | Source = RasClient | ID = 20227
Description = 
 
Error - 08.03.2013 16:47:46 | Computer Name = Futures | Source = RasClient | ID = 20227
Description = 
 
Error - 08.03.2013 16:47:51 | Computer Name = Futures | Source = RasClient | ID = 20227
Description = 
 
Error - 10.03.2013 05:12:39 | Computer Name = Futures | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.2.4814,
 Zeitstempel: 0x5138a1d3  Name des fehlerhaften Moduls: xul.dll, Version: 19.0.2.4814,
 Zeitstempel: 0x5138a0ed  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00172818  ID des fehlerhaften
 Prozesses: 0xa10c  Startzeit der fehlerhaften Anwendung: 0x01ce1cadca0ad1ff  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 a7a17e5f-8962-11e2-9161-e06995cbe3ee
 
Error - 11.03.2013 13:21:07 | Computer Name = Futures | Source = RasClient | ID = 20227
Description = 
 
[ System Events ]
Error - 12.09.2012 02:49:13 | Computer Name = Futures | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?09.?2012 um 08:47:36 unerwartet heruntergefahren.
 
Error - 12.09.2012 07:09:45 | Computer Name = Futures | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 12.09.2012 15:55:59 | Computer Name = Futures | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 12.09.2012 19:49:57 | Computer Name = Futures | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
 initialisieren.
 
Error - 13.09.2012 00:57:43 | Computer Name = Futures | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 13.09.2012 00:57:43 | Computer Name = Futures | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 14.09.2012 06:05:15 | Computer Name = Futures | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
 initialisieren.
 
Error - 19.09.2012 13:45:35 | Computer Name = Futures | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 19.09.2012 13:45:35 | Computer Name = Futures | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 20.09.2012 11:37:34 | Computer Name = Futures | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >
         

 





