Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Instant Savings im Browser (bei FB, ebay ...)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 19.07.2013, 23:17   #1
herpedia
 
Instant Savings im Browser (bei FB, ebay ...) - Standard

Instant Savings im Browser (bei FB, ebay ...)



Hallo zusammen,

seit ein paar Tagen nervt mich dieses "Instant Savings" auf Facebook, Ebay usw... Überall tauchen die Werbeflächen auf, sogar im Text. Wie kann ich diesen Mist wieder los werden? Finde weder bei den AddOns etwas, noch bei "Programme deinstallieren".

Schon mal vielen Dank für Eure Hilfe!

LG

Hier noch die Inhalte
der FRST.txt


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013
Ran by Dominik (administrator) on 20-07-2013 00:10:38
Running from C:\Users\USERXXX\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Akamai Technologies, Inc.) C:\Users\USERXXX\AppData\Local\Akamai\netsession_win.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Spotify Ltd) C:\Users\USERXXX\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Akamai Technologies, Inc.) C:\Users\USERXXX\AppData\Local\Akamai\netsession_win.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2000-01-01] (Microsoft Corporation)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2000-01-01] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12879976 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-03] (NVIDIA Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\USERXXX\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\USERXXX\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-10] (Spotify Ltd)
MountPoints2: {17452ba4-0498-11e0-b381-bc054301286b} - E:\Autorun.exe
MountPoints2: {3bbc047a-fb02-11df-9f79-806e6f6e6963} - D:\autorun.exe
MountPoints2: {6e59b409-531f-11e2-bd6a-00241d74b654} - E:\AutoRun.exe
MountPoints2: {6e59b41b-531f-11e2-bd6a-00241d74b654} - E:\AutoRun.exe
MountPoints2: {d4e4449f-fb02-11df-a917-00241d74b654} - E:\pushinst.exe
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [1904640 2009-03-20] (AVM Berlin)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.zona-de-galgos.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: (No Name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Plus-HD-2.3 - {11111111-1111-1111-1111-110311341126} - C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-bho.dll (Plus HD)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///D:/components/hidinputmonitorx.ocx
DPF: HKLM-x32 {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///D:/components/A9.ocx
DPF: HKLM-x32 {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///D:/components/wmvhdrating.ocx
DPF: HKLM-x32 {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///D:/viewer/ORDcmViewCD.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\USERXXX\AppData\Roaming\Mozilla\Firefox\Profiles\v4fwmwdp.default
FF user.js: detected! => C:\Users\USERXXX\AppData\Roaming\Mozilla\Firefox\Profiles\v4fwmwdp.default\user.js
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\USERXXX\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\USERXXX\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF Extension: No Name - C:\Users\USERXXX\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
FF Extension: No Name - C:\Users\USERXXX\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\USERXXX\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\USERXXX\AppData\Roaming\Mozilla\Firefox\Profiles\v4fwmwdp.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\

Chrome: 
=======
CHR HomePage: hxxp://www.mediterrane-landschildkroeten.de/
CHR RestoreOnStartup: "hxxp://www.mediterrane-landschildkroeten.de/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\USERXXX\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\USERXXX\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\USERXXX\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (PlayStation(R)Network Downloader Check Plug-in) - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\USERXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\USERXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Plus-HD-2.3) - C:\Users\USERXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.17_0
CHR Extension: (Gmail) - C:\Users\USERXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [hphibigbodkkohoglgfkddblldpfohjl] - C:\Program Files (x86)\TorrentHandler\TorrentHandler.crx
CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn10.crx
CHR HKLM-x32\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files (x86)\1ClickDownload\oneclickdownloader12.crx

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [368640 2009-03-20] (AVM Berlin)
S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-07-17] (DealPly Technologies Ltd)
S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-07-17] (DealPly Technologies Ltd)
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72280 2000-01-01] ()
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-11-27] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-29] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [552704 2009-03-20] (AVM GmbH)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-11-27] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [508472 2011-10-05] (Duplex Secure Ltd.)
S2 SSPORT; C:\Windows\SysWow64\Drivers\SSPORT.sys [11576 2009-09-10] (Samsung Electronics)
S3 V0540Dev; C:\Windows\System32\DRIVERS\V0540Vid.sys [321376 2009-06-15] (Creative Technology Ltd.)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S2 SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-20 00:10 - 2013-07-20 00:10 - 00000000 ____D C:\FRST
2013-07-20 00:09 - 2013-07-20 00:10 - 01779345 _____ (Farbar) C:\Users\USERXXX\Desktop\FRST64.exe
2013-07-20 00:00 - 2013-07-20 00:00 - 00602112 _____ (OldTimer Tools) C:\Users\USERXXX\Desktop\OTL.exe
2013-07-20 00:00 - 2013-07-20 00:00 - 00000586 _____ C:\Users\USERXXX\Desktop\defogger_disable.log
2013-07-20 00:00 - 2013-07-20 00:00 - 00000020 _____ C:\Users\USERXXX\defogger_reenable
2013-07-19 23:59 - 2013-07-19 23:59 - 00050477 _____ C:\Users\USERXXX\Desktop\Defogger.exe
2013-07-19 23:22 - 2013-07-20 00:01 - 00000112 _____ C:\Windows\setupact.log
2013-07-19 23:22 - 2013-07-19 23:22 - 00002306 _____ C:\Windows\PFRO.log
2013-07-19 23:22 - 2013-07-19 23:22 - 00000000 _____ C:\Windows\setuperr.log
2013-07-19 23:21 - 2013-07-19 23:21 - 00000085 _____ C:\Windows\wininit.ini
2013-07-19 21:06 - 2013-07-19 21:06 - 00009216 _____ C:\Users\USERXXX\Desktop\cc_20130719_210610.reg
2013-07-19 21:05 - 2013-07-19 21:05 - 00000333 _____ C:\AdwCleaner[S1].txt
2013-07-19 21:03 - 2013-07-19 21:05 - 00014005 _____ C:\AdwCleaner[R1].txt
2013-07-19 21:02 - 2013-07-19 21:03 - 00666633 _____ C:\Users\USERXXX\Desktop\adwcleaner.exe
2013-07-19 20:16 - 2013-07-19 20:38 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-19 20:16 - 2013-07-19 20:16 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-19 20:10 - 2013-07-19 20:15 - 36271144 _____ (Safer-Networking Ltd.                                       ) C:\Users\USERXXX\Desktop\spybot-2.1.exe
2013-07-19 14:52 - 2013-07-19 15:25 - 00000000 ____D C:\Users\USERXXX\AppData\Local\S2
2013-07-19 14:52 - 2013-07-19 14:52 - 00000000 __RHD C:\Users\USERXXX\AppData\Roaming\SecuROM
2013-07-19 14:52 - 2013-07-19 14:52 - 00000000 ____D C:\Users\USERXXX\Documents\S2
2013-07-19 12:48 - 2013-07-19 12:48 - 00002548 _____ C:\Users\UpdatusUser\Desktop\Die Siedler II - Die nächste Generation - Karteneditor.lnk
2013-07-19 12:48 - 2013-07-19 12:48 - 00002548 _____ C:\Users\USERXXX\Desktop\Die Siedler II - Die nächste Generation - Karteneditor.lnk
2013-07-19 12:48 - 2013-07-19 12:48 - 00002502 _____ C:\Users\UpdatusUser\Desktop\Die Siedler II - Die nächste Generation.lnk
2013-07-19 12:48 - 2013-07-19 12:48 - 00002502 _____ C:\Users\USERXXX\Desktop\Die Siedler II - Die nächste Generation.lnk
2013-07-19 12:48 - 2013-07-19 12:48 - 00000000 ____D C:\Users\USERXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2013-07-19 12:47 - 2013-07-19 12:47 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-07-19 10:17 - 2013-07-19 10:17 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-19 10:17 - 2013-07-19 10:17 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-19 10:17 - 2013-07-19 10:17 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-19 10:17 - 2013-07-19 10:17 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-07-19 10:17 - 2013-07-19 10:17 - 00000000 ____D C:\Program Files\Java
2013-07-19 10:16 - 2013-07-19 10:16 - 00000000 ____D C:\ProgramData\Apple Computer
2013-07-19 10:15 - 2013-07-19 10:15 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-07-18 09:56 - 2013-07-18 09:56 - 00001724 _____ C:\Users\Public\Desktop\Defraggler.lnk
2013-07-18 09:55 - 2013-07-18 09:55 - 03839648 _____ (Piriform Ltd) C:\Users\USERXXX\Downloads\dfsetup214.exe
2013-07-17 15:46 - 2013-07-17 15:46 - 00011492 _____ C:\Users\USERXXX\Desktop\cc_20130717_154623.reg
2013-07-17 15:32 - 2013-07-17 15:32 - 04396440 _____ (Piriform Ltd) C:\Users\USERXXX\Downloads\ccsetup403.exe
2013-07-17 15:23 - 2013-07-20 00:02 - 00001198 _____ C:\Windows\Tasks\Plus-HD-2.3-updater.job
2013-07-17 15:23 - 2013-07-20 00:01 - 00001910 _____ C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job
2013-07-17 15:23 - 2013-07-20 00:01 - 00001834 _____ C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job
2013-07-17 15:23 - 2013-07-20 00:01 - 00001202 _____ C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job
2013-07-17 15:23 - 2013-07-20 00:01 - 00001102 _____ C:\Windows\Tasks\Plus-HD-2.3-enabler.job
2013-07-17 15:23 - 2013-07-17 15:23 - 17273952 _____ C:\Users\USERXXX\Downloads\SETUP_A1-Faktura.exe
2013-07-17 15:23 - 2013-07-17 15:23 - 00004232 _____ C:\Windows\System32\Tasks\Plus-HD-2.3-codedownloader
2013-07-17 15:23 - 2013-07-17 15:23 - 00004228 _____ C:\Windows\System32\Tasks\Plus-HD-2.3-updater
2013-07-17 15:23 - 2013-07-17 15:23 - 00004132 _____ C:\Windows\System32\Tasks\Plus-HD-2.3-enabler
2013-07-17 15:23 - 2013-07-17 15:23 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.3
2013-07-17 15:22 - 2013-07-20 00:01 - 00000904 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2013-07-17 15:22 - 2013-07-19 23:27 - 00000908 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2013-07-17 15:22 - 2013-07-17 15:22 - 00003904 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
2013-07-17 15:22 - 2013-07-17 15:22 - 00003652 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
2013-07-17 15:22 - 2013-07-17 15:22 - 00000000 ____D C:\Users\USERXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
2013-07-17 15:22 - 2013-07-17 15:22 - 00000000 ____D C:\Users\USERXXX\AppData\Roaming\Dealply
2013-07-17 15:22 - 2013-07-17 15:22 - 00000000 ____D C:\Users\USERXXX\AppData\Local\DealPlyLive
2013-07-17 15:22 - 2013-07-17 15:22 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-07-17 15:22 - 2013-07-17 15:22 - 00000000 ____D C:\Program Files (x86)\DealPlyLive
2013-07-17 15:22 - 2013-07-17 15:22 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-07-17 15:21 - 2013-07-17 15:21 - 00620096 _____ C:\Users\USERXXX\Downloads\SETUP_A1-Faktura-Downloader.exe
2013-07-17 15:01 - 2013-07-17 15:01 - 00000000 ____D C:\Users\USERXXX\Desktop\herpedia
2013-07-17 15:00 - 2013-07-17 15:00 - 00000000 ____D C:\Users\USERXXX\AppData\Roaming\IT-Service Christian Hau (www.a-bit-more.de)
2013-07-17 14:58 - 2013-07-17 14:58 - 00001055 _____ C:\Users\UpdatusUser\Desktop\Zeiterfassung.lnk
2013-07-17 14:57 - 2013-07-17 14:58 - 06734957 _____ C:\Users\USERXXX\Downloads\Setup.Faktura.curr.zip
2013-07-13 10:27 - 2013-07-13 11:10 - 00000000 ____D C:\Users\USERXXX\Desktop\Schulunterricht
2013-07-10 17:54 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 17:54 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 17:54 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 17:54 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 17:54 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 17:54 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 17:54 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 17:54 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 17:54 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 17:54 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 17:54 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 17:54 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 17:54 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 17:54 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 17:54 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 17:54 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 17:54 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 17:54 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 17:54 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 17:54 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 17:54 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 17:54 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 17:54 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 17:54 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-10 17:54 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-10 17:54 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 17:54 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-10 17:54 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 17:54 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 17:54 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 17:54 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 10:53 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 10:53 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 10:53 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 10:53 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 10:53 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 10:53 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 10:53 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-03 13:00 - 2013-07-03 13:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 17:31 - 2013-07-02 17:31 - 04815135 _____ (FileZilla Project) C:\Users\USERXXX\Downloads\FileZilla_3.7.1_win32-setup.exe
2013-07-02 15:50 - 2013-07-02 15:50 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-07-02 15:48 - 2013-06-21 14:06 - 27781920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-07-02 15:48 - 2013-06-21 14:06 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-07-02 15:48 - 2013-06-21 14:06 - 21102368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-07-02 15:48 - 2013-06-21 14:06 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-07-02 15:48 - 2013-06-21 14:06 - 15144928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-07-02 15:48 - 2013-06-21 14:06 - 13411896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-07-02 15:48 - 2013-06-21 14:06 - 11235104 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-07-02 15:48 - 2013-06-21 14:06 - 09239344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-07-02 15:48 - 2013-06-21 14:06 - 07687592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-07-02 15:48 - 2013-06-21 14:06 - 07641832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-07-02 15:48 - 2013-06-21 14:06 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-07-02 15:48 - 2013-06-21 14:06 - 02953504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-07-02 15:48 - 2013-06-21 14:06 - 02777888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-07-02 15:48 - 2013-06-21 14:06 - 02363680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-07-02 15:48 - 2013-06-21 14:06 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-07-02 15:48 - 2013-06-21 14:06 - 01832224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432049.dll
2013-07-02 15:48 - 2013-06-21 14:06 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432049.dll
2013-07-02 15:48 - 2013-06-21 14:06 - 00572704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-07-02 15:48 - 2013-06-21 14:06 - 00570656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-07-02 15:48 - 2013-06-21 14:06 - 00467232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-07-02 15:48 - 2013-06-21 14:06 - 00465184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-07-02 14:56 - 2013-07-02 14:56 - 00000000 ____D C:\Users\USERXXX\AppData\Local\NVIDIA
2013-06-27 13:44 - 2013-06-27 15:43 - 00000000 ____D C:\Users\USERXXX\Desktop\Werbung
2013-06-26 14:26 - 2013-06-26 15:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-21 05:16 - 2013-06-21 05:16 - 00566048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

==================== One Month Modified Files and Folders =======

2013-07-20 00:10 - 2013-07-20 00:10 - 00000000 ____D C:\FRST
2013-07-20 00:10 - 2013-07-20 00:09 - 01779345 _____ (Farbar) C:\Users\USERXXX\Desktop\FRST64.exe
2013-07-20 00:09 - 2009-07-14 06:45 - 00014832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-20 00:09 - 2009-07-14 06:45 - 00014832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-20 00:08 - 2011-04-23 10:05 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3958744611-970375325-1774594619-1000UA.job
2013-07-20 00:02 - 2013-07-17 15:23 - 00001198 _____ C:\Windows\Tasks\Plus-HD-2.3-updater.job
2013-07-20 00:01 - 2013-07-19 23:22 - 00000112 _____ C:\Windows\setupact.log
2013-07-20 00:01 - 2013-07-17 15:23 - 00001910 _____ C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job
2013-07-20 00:01 - 2013-07-17 15:23 - 00001834 _____ C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job
2013-07-20 00:01 - 2013-07-17 15:23 - 00001202 _____ C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job
2013-07-20 00:01 - 2013-07-17 15:23 - 00001102 _____ C:\Windows\Tasks\Plus-HD-2.3-enabler.job
2013-07-20 00:01 - 2013-07-17 15:22 - 00000904 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2013-07-20 00:01 - 2010-11-28 21:31 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-20 00:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-20 00:00 - 2013-07-20 00:00 - 00602112 _____ (OldTimer Tools) C:\Users\USERXXX\Desktop\OTL.exe
2013-07-20 00:00 - 2013-07-20 00:00 - 00000586 _____ C:\Users\USERXXX\Desktop\defogger_disable.log
2013-07-20 00:00 - 2013-07-20 00:00 - 00000020 _____ C:\Users\USERXXX\defogger_reenable
2013-07-20 00:00 - 2012-09-06 21:08 - 01412770 _____ C:\Windows\WindowsUpdate.log
2013-07-20 00:00 - 2010-11-28 17:24 - 00000000 ____D C:\Users\USERXXX
2013-07-19 23:59 - 2013-07-19 23:59 - 00050477 _____ C:\Users\USERXXX\Desktop\Defogger.exe
2013-07-19 23:27 - 2013-07-17 15:22 - 00000908 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2013-07-19 23:27 - 2012-10-14 15:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-19 23:22 - 2013-07-19 23:22 - 00002306 _____ C:\Windows\PFRO.log
2013-07-19 23:22 - 2013-07-19 23:22 - 00000000 _____ C:\Windows\setuperr.log
2013-07-19 23:21 - 2013-07-19 23:21 - 00000085 _____ C:\Windows\wininit.ini
2013-07-19 21:16 - 2013-03-18 14:43 - 00000000 ____D C:\Users\USERXXX\AppData\Roaming\Spotify
2013-07-19 21:06 - 2013-07-19 21:06 - 00009216 _____ C:\Users\USERXXX\Desktop\cc_20130719_210610.reg
2013-07-19 21:05 - 2013-07-19 21:05 - 00000333 _____ C:\AdwCleaner[S1].txt
2013-07-19 21:05 - 2013-07-19 21:03 - 00014005 _____ C:\AdwCleaner[R1].txt
2013-07-19 21:03 - 2013-07-19 21:02 - 00666633 _____ C:\Users\USERXXX\Desktop\adwcleaner.exe
2013-07-19 20:38 - 2013-07-19 20:16 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-19 20:16 - 2013-07-19 20:16 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-19 20:15 - 2013-07-19 20:10 - 36271144 _____ (Safer-Networking Ltd.                                       ) C:\Users\USERXXX\Desktop\spybot-2.1.exe
2013-07-19 15:25 - 2013-07-19 14:52 - 00000000 ____D C:\Users\USERXXX\AppData\Local\S2
2013-07-19 14:52 - 2013-07-19 14:52 - 00000000 __RHD C:\Users\USERXXX\AppData\Roaming\SecuROM
2013-07-19 14:52 - 2013-07-19 14:52 - 00000000 ____D C:\Users\USERXXX\Documents\S2
2013-07-19 12:48 - 2013-07-19 12:48 - 00002548 _____ C:\Users\UpdatusUser\Desktop\Die Siedler II - Die nächste Generation - Karteneditor.lnk
2013-07-19 12:48 - 2013-07-19 12:48 - 00002548 _____ C:\Users\USERXXX\Desktop\Die Siedler II - Die nächste Generation - Karteneditor.lnk
2013-07-19 12:48 - 2013-07-19 12:48 - 00002502 _____ C:\Users\UpdatusUser\Desktop\Die Siedler II - Die nächste Generation.lnk
2013-07-19 12:48 - 2013-07-19 12:48 - 00002502 _____ C:\Users\USERXXX\Desktop\Die Siedler II - Die nächste Generation.lnk
2013-07-19 12:48 - 2013-07-19 12:48 - 00000000 ____D C:\Users\USERXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2013-07-19 12:47 - 2013-07-19 12:47 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-07-19 10:50 - 2012-02-11 16:49 - 00000000 ____D C:\Users\USERXXX\AppData\Roaming\SoftGrid Client
2013-07-19 10:29 - 2010-11-28 21:22 - 00000000 ____D C:\Users\USERXXX\AppData\Local\Adobe
2013-07-19 10:28 - 2012-10-14 15:28 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-19 10:28 - 2012-04-06 16:26 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-19 10:28 - 2011-05-16 10:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-19 10:17 - 2013-07-19 10:17 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-19 10:17 - 2013-07-19 10:17 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-19 10:17 - 2013-07-19 10:17 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-19 10:17 - 2013-07-19 10:17 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-07-19 10:17 - 2013-07-19 10:17 - 00000000 ____D C:\Program Files\Java
2013-07-19 10:17 - 2012-11-16 21:12 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-19 10:17 - 2012-11-16 21:12 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-19 10:16 - 2013-07-19 10:16 - 00000000 ____D C:\ProgramData\Apple Computer
2013-07-19 10:16 - 2011-07-02 14:35 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-19 10:15 - 2013-07-19 10:15 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-07-18 10:37 - 2011-08-24 06:56 - 00000000 ____D C:\Users\USERXXX\Desktop\Buchhaltung
2013-07-18 09:56 - 2013-07-18 09:56 - 00001724 _____ C:\Users\Public\Desktop\Defraggler.lnk
2013-07-18 09:56 - 2012-11-08 01:50 - 00000000 ____D C:\Program Files\Defraggler
2013-07-18 09:55 - 2013-07-18 09:55 - 03839648 _____ (Piriform Ltd) C:\Users\USERXXX\Downloads\dfsetup214.exe
2013-07-17 15:46 - 2013-07-17 15:46 - 00011492 _____ C:\Users\USERXXX\Desktop\cc_20130717_154623.reg
2013-07-17 15:45 - 2010-11-28 17:14 - 00000000 ____D C:\Windows\Panther
2013-07-17 15:33 - 2011-12-31 12:17 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-17 15:33 - 2011-12-31 12:17 - 00000000 ____D C:\Program Files\CCleaner
2013-07-17 15:32 - 2013-07-17 15:32 - 04396440 _____ (Piriform Ltd) C:\Users\USERXXX\Downloads\ccsetup403.exe
2013-07-17 15:23 - 2013-07-17 15:23 - 17273952 _____ C:\Users\USERXXX\Downloads\SETUP_A1-Faktura.exe
2013-07-17 15:23 - 2013-07-17 15:23 - 00004232 _____ C:\Windows\System32\Tasks\Plus-HD-2.3-codedownloader
2013-07-17 15:23 - 2013-07-17 15:23 - 00004228 _____ C:\Windows\System32\Tasks\Plus-HD-2.3-updater
2013-07-17 15:23 - 2013-07-17 15:23 - 00004132 _____ C:\Windows\System32\Tasks\Plus-HD-2.3-enabler
2013-07-17 15:23 - 2013-07-17 15:23 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.3
2013-07-17 15:22 - 2013-07-17 15:22 - 00003904 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
2013-07-17 15:22 - 2013-07-17 15:22 - 00003652 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
2013-07-17 15:22 - 2013-07-17 15:22 - 00000000 ____D C:\Users\USERXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
2013-07-17 15:22 - 2013-07-17 15:22 - 00000000 ____D C:\Users\USERXXX\AppData\Roaming\Dealply
2013-07-17 15:22 - 2013-07-17 15:22 - 00000000 ____D C:\Users\USERXXX\AppData\Local\DealPlyLive
2013-07-17 15:22 - 2013-07-17 15:22 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-07-17 15:22 - 2013-07-17 15:22 - 00000000 ____D C:\Program Files (x86)\DealPlyLive
2013-07-17 15:22 - 2013-07-17 15:22 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-07-17 15:21 - 2013-07-17 15:21 - 00620096 _____ C:\Users\USERXXX\Downloads\SETUP_A1-Faktura-Downloader.exe
2013-07-17 15:01 - 2013-07-17 15:01 - 00000000 ____D C:\Users\USERXXX\Desktop\herpedia
2013-07-17 15:00 - 2013-07-17 15:00 - 00000000 ____D C:\Users\USERXXX\AppData\Roaming\IT-Service Christian Hau (www.a-bit-more.de)
2013-07-17 14:58 - 2013-07-17 14:58 - 00001055 _____ C:\Users\UpdatusUser\Desktop\Zeiterfassung.lnk
2013-07-17 14:58 - 2013-07-17 14:57 - 06734957 _____ C:\Users\USERXXX\Downloads\Setup.Faktura.curr.zip
2013-07-13 15:32 - 2010-11-28 18:15 - 00124008 _____ C:\Users\USERXXX\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-13 15:11 - 2012-01-02 23:15 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-13 15:11 - 2012-01-02 23:15 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-13 11:10 - 2013-07-13 10:27 - 00000000 ____D C:\Users\USERXXX\Desktop\Schulunterricht
2013-07-13 08:23 - 2011-04-28 10:31 - 00000000 ____D C:\Users\USERXXX\Desktop\VORLAGEN
2013-07-13 07:08 - 2011-04-23 10:05 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3958744611-970375325-1774594619-1000Core.job
2013-07-13 07:03 - 2011-04-23 10:05 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3958744611-970375325-1774594619-1000UA
2013-07-13 07:03 - 2011-04-23 10:05 - 00003706 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3958744611-970375325-1774594619-1000Core
2013-07-13 07:00 - 2012-01-02 23:15 - 00004110 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 07:00 - 2012-01-02 23:15 - 00003858 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-10 19:52 - 2009-07-14 06:45 - 05086896 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-10 19:50 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 19:50 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 19:50 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 18:01 - 2009-07-14 19:58 - 00756778 _____ C:\Windows\system32\perfh007.dat
2013-07-10 18:01 - 2009-07-14 19:58 - 00173252 _____ C:\Windows\system32\perfc007.dat
2013-07-10 18:01 - 2009-07-14 07:13 - 01789904 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-10 17:55 - 2010-11-29 09:16 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-10 10:16 - 2010-12-23 09:11 - 00000000 ____D C:\Users\USERXXX\AppData\Roaming\FileZilla
2013-07-10 10:11 - 2013-02-11 15:19 - 00000000 ____D C:\Users\USERXXX\Desktop\Fasching 2013
2013-07-10 09:09 - 2013-03-18 14:45 - 00000000 ____D C:\Users\USERXXX\AppData\Local\Spotify
2013-07-06 10:56 - 2013-01-31 20:50 - 00000000 ____D C:\Users\USERXXX\Desktop\Müller gg. FFF
2013-07-06 10:46 - 2010-12-05 19:08 - 00000000 ____D C:\Users\USERXXX\Desktop\Webseite2010
2013-07-03 19:56 - 2012-04-28 18:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-03 13:00 - 2013-07-03 13:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 17:48 - 2013-06-12 16:15 - 00010919 _____ C:\Users\USERXXX\Desktop\Gotthold.xlsx
2013-07-02 17:32 - 2013-05-13 10:14 - 00001960 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2013-07-02 17:32 - 2010-11-28 19:06 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-07-02 17:31 - 2013-07-02 17:31 - 04815135 _____ (FileZilla Project) C:\Users\USERXXX\Downloads\FileZilla_3.7.1_win32-setup.exe
2013-07-02 17:31 - 2012-11-04 15:51 - 00000000 ____D C:\Users\USERXXX\Desktop\schildkroetenforum.net_phpbb3
2013-07-02 15:50 - 2013-07-02 15:50 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-07-02 15:50 - 2010-11-28 21:31 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-02 14:56 - 2013-07-02 14:56 - 00000000 ____D C:\Users\USERXXX\AppData\Local\NVIDIA
2013-07-02 14:56 - 2010-11-28 21:30 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-06-30 10:57 - 2013-05-30 11:36 - 00000000 ____D C:\Users\USERXXX\Desktop\Webdesign
2013-06-30 10:56 - 2010-12-05 21:08 - 00000000 ____D C:\Users\USERXXX\Desktop\Bilder
2013-06-29 12:45 - 2011-11-10 11:27 - 00000000 ____D C:\Users\USERXXX\AppData\Local\Akamai
2013-06-27 15:43 - 2013-06-27 13:44 - 00000000 ____D C:\Users\USERXXX\Desktop\Werbung
2013-06-27 14:08 - 2012-02-16 16:39 - 00000099 _____ C:\Users\Public\LMDebug.log
2013-06-26 15:55 - 2011-03-10 18:32 - 00000000 ____D C:\Users\USERXXX\AppData\Roaming\Vocup
2013-06-26 15:29 - 2011-03-10 18:32 - 00000000 ____D C:\Users\USERXXX\Documents\Vokabelhefte
2013-06-26 15:22 - 2013-06-26 14:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-24 11:06 - 2013-05-07 12:18 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-21 14:06 - 2013-07-02 15:48 - 27781920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-06-21 14:06 - 2013-07-02 15:48 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-06-21 14:06 - 2013-07-02 15:48 - 21102368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-06-21 14:06 - 2013-07-02 15:48 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-06-21 14:06 - 2013-07-02 15:48 - 15144928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-06-21 14:06 - 2013-07-02 15:48 - 13411896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-06-21 14:06 - 2013-07-02 15:48 - 11235104 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-06-21 14:06 - 2013-07-02 15:48 - 09239344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-06-21 14:06 - 2013-07-02 15:48 - 07687592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-06-21 14:06 - 2013-07-02 15:48 - 07641832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-06-21 14:06 - 2013-07-02 15:48 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-06-21 14:06 - 2013-07-02 15:48 - 02953504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-06-21 14:06 - 2013-07-02 15:48 - 02777888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-06-21 14:06 - 2013-07-02 15:48 - 02363680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-06-21 14:06 - 2013-07-02 15:48 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-06-21 14:06 - 2013-07-02 15:48 - 01832224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432049.dll
2013-06-21 14:06 - 2013-07-02 15:48 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432049.dll
2013-06-21 14:06 - 2013-07-02 15:48 - 00572704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-06-21 14:06 - 2013-07-02 15:48 - 00570656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-06-21 14:06 - 2013-07-02 15:48 - 00467232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-06-21 14:06 - 2013-07-02 15:48 - 00465184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-06-21 14:06 - 2013-05-25 01:27 - 12427240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-06-21 14:06 - 2013-05-25 01:27 - 02597856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-06-21 14:06 - 2013-02-26 00:32 - 15920536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-06-21 14:06 - 2013-02-26 00:32 - 02936208 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-06-21 14:06 - 2010-11-28 21:30 - 00021578 _____ C:\Windows\system32\nvinfo.pb
2013-06-21 12:23 - 2010-10-16 14:13 - 06496544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-06-21 12:23 - 2010-10-16 14:13 - 03514656 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-06-21 12:23 - 2010-10-16 14:13 - 02555680 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-06-21 12:23 - 2010-10-16 14:13 - 00884512 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-06-21 12:23 - 2010-10-16 14:13 - 00237856 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-06-21 12:23 - 2010-10-16 14:13 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-06-21 05:16 - 2013-06-21 05:16 - 00566048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-06-20 21:40 - 2012-11-27 21:41 - 00000000 ____D C:\Users\USERXXX\Desktop\medication

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 16:11

==================== End Of Log ============================
         
--- --- ---

--- --- ---


und der addition.txt

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2013
Ran by Dominik at 2013-07-20 00:11:17
Running from C:\Users\USERXXX\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe AIR (x32 Version: 3.4.0.2540)
Adobe Digital Editions (x32)
Adobe Download Assistant (x32 Version: 1.2.5)
Adobe Dreamweaver CS5 (x32 Version: 11.0)
Adobe Fireworks CS5 (x32 Version: 11.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Media Player (x32 Version: 1.8)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
AIO_Scan (x32 Version: 130.0.365.000)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17)
Apple Application Support (x32 Version: 2.3.4)
Apple Software Update (x32 Version: 2.1.3.127)
Arclab Web Form Builder (x32)
Avira Free Antivirus (x32 Version: 13.0.0.3737)
AVM FRITZ!WLAN (x32)
Biologie heute CD (x32 Version: 1.0)
BufferChm (x32 Version: 130.0.331.000)
C7200 (x32 Version: 130.0.365.000)
C7200_Help (x32 Version: 100.0.206.000)
CCleaner (Version: 4.03)
Chemie heute SII interaktiv (x32 Version: 27754)
Chinese Simplified Fonts Support For Adobe Reader X (x32 Version: 10.0.0)
Copy (x32 Version: 130.0.428.000)
Creative Live! Cam Video IM/Video Chat (VF0540) (1.01.03.00)
D3DX10 (x32 Version: 15.4.2368.0902)
Defraggler (Version: 2.14)
Destinations (x32 Version: 130.0.0.0)
Deutsche Post E-Porto (x32 Version: 2.3.0)
DeviceDiscovery (x32 Version: 130.0.465.000)
Diablo III (x32 Version: 1.0.3.10485)
Die Siedler II - Die nächste Generation (x32)
Divinity II - Ego Draconis (x32)
DocProc (x32 Version: 13.0.0.0)
Dropbox (HKCU Version: 2.0.22)
EAR 17 (x32 Version: 17.1)
ElsterFormular (x32 Version: 14.1.11318)
Fax (x32 Version: 130.0.418.000)
FileZilla Client 3.7.1 (x32 Version: 3.7.1)
Free YouTube to MP3 Converter version 3.12.2.419 (x32 Version: 3.12.2.419)
Gigabyte Raid Configurer (x32 Version: 1.17.59.0)
Google Chrome (HKCU Version: 28.0.1500.72)
Google Update Helper (x32 Version: 1.3.21.153)
GPBaseService2 (x32 Version: 130.0.371.000)
GSiteCrawler (x32 Version: v1.23)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPPhotoGadget (x32 Version: 130.0.282.000)
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000)
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000)
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000)
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000)
HPPhotosmartEssential (x32 Version: 2.04.0000)
HPProductAssistant (x32 Version: 130.0.371.000)
HPSSupply (x32 Version: 130.0.371.000)
Image Resizer Powertoy Clone for Windows (64 bit) (Version: 2.1.1)
Inkscape 0.48.3.1 (x32 Version: 0.48.3.1)
Java 7 Update 21 (x32 Version: 7.0.210)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 22 (x32 Version: 6.0.220)
Java(TM) 6 Update 29 (x32 Version: 6.0.290)
Litora in fenestris (x32 Version: 1.1.0)
MarketResearch (x32 Version: 130.0.374.000)
Mathcad PDSi viewable support (x32 Version: 9.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 - Deutsch (x32 Version: 14.0.6114.5002)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft SQL Server 2005 (x32)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (x32 Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual J# 2.0 Redistributable Package (x32 Version: 2.0.50727)
Microsoft Visual J# 2.0 Redistributable Package (x32)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
MSVCRT (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Multiple Image Resizer .NET 4 (x32 Version: 4.0.0.1)
Network64 (Version: 130.0.572.000)
Network64 (Version: 140.0.221.000)
NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49)
NVIDIA 3D Vision Treiber 320.49 (Version: 320.49)
NVIDIA GeForce Experience 1.5.1 (Version: 1.5.1)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA Install Application (Version: 2.1002.125.816)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update 6.4.23 (Version: 6.4.23)
NVIDIA Update Components (Version: 6.4.23)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
on LBP3010/LBP3018/LBP3050
PDF/X-3 Inspector (Freeware) (x32)
Picasa 3 (x32 Version: 3.9)
Plus-HD-2.3 (x32 Version: 1.27.153.8)
PS_AIO_02_ProductContext (x32 Version: 130.0.365.000)
PS_AIO_02_Software (x32 Version: 130.0.365.000)
PS_AIO_02_Software_Min (x32 Version: 130.0.365.000)
QuickTime (x32 Version: 7.74.80.86)
Realtek Ethernet Controller Driver (x32 Version: 7.46.531.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6477)
Risen (x32 Version: 1.00.0000)
Risen 2 - Dark Waters (x32)
Samsung Kies (x32 Version: 2.5.1.12123_2)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)
Scan (x32 Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
Skype™ 6.2 (x32 Version: 6.2.106)
SlimDrivers (x32 Version: 2.2.17058)
SmartWebPrinting (x32 Version: 130.0.457.000)
Softwarenetz Rechnung4 (x32)
SolutionCenter (x32 Version: 130.0.373.000)
Source SDK Base 2007 (x32)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
StarCraft II (x32 Version: 1.1.3.16939)
Status (x32 Version: 130.0.469.000)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
TeamViewer 8 (x32 Version: 8.0.16642)
The Elder Scrolls V: Skyrim (x32)
TomTom HOME 2.8.1.2218 (x32 Version: 2.8.1.2218)
TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2)
Toolbox (x32 Version: 130.0.648.000)
Tools für Microsoft SQL Server 2005 Express Edition (x32 Version: 9.4.5000.00)
TrayApp (x32 Version: 130.0.422.000)
tulox (x32)
UnloadSupport (x32 Version: 11.0.0)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (x32 Version: 9.00.5000.00)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Vocup 1.4.3 (x32 Version: 1.4.3)
Wartung Samsung CLP-320 Series (x32)
WebReg (x32 Version: 130.0.132.017)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
WinRAR

==================== Restore Points  =========================

18-07-2013 14:25:15 Geplanter Prüfpunkt
19-07-2013 07:40:41 Windows Update
19-07-2013 08:15:46 Installed QuickTime
19-07-2013 08:17:12 Installed Java 7 Update 25 (64-bit)
19-07-2013 10:47:52 DirectX wurde installiert

==================== Hosts content: ==========================

2009-07-14 04:34 - 2010-12-09 07:50 - 00001254 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobe-dns-5.adobe.com
127.0.0.1 hh-software.com
127.0.0.1 H+H Software GmbH
127.0.0.1 activate.adobe.de
127.0.0.1 practivate.adobe.de
127.0.0.1 ereg.adobe.de
127.0.0.1 activate.wip3.adobe.de

There are 11 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {0A1FAA1C-D234-4A3B-B3CF-3358D2E1373A} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2000-01-01] (Microsoft Corporation)
Task: {0C42DD15-9464-47F8-8473-B4E961C09844} - System32\Tasks\Plus-HD-2.3-firefoxinstaller => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe [2013-07-17] (Plus HD)
Task: {0FA8912E-2D66-4B19-BF6E-CC19DA4ED42A} - System32\Tasks\{5594E46A-6669-4724-B7B8-0B3964C7CF93} => D:\eFilmLt.exe No File
Task: {13BE7C1B-1E53-45EE-B1EB-E3D842E159DC} - System32\Tasks\Plus-HD-2.3-codedownloader => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe [2013-07-17] (Plus HD)
Task: {1A433075-D9AF-43D7-8B93-CFA2AA3EC4F8} - System32\Tasks\{B16F6FDA-D79F-4992-89A6-602117CFDBB0} => D:\eFilmLt.exe No File
Task: {1FD9F13B-B328-492E-B8EF-B5F74BC09525} - System32\Tasks\{F304EA15-BFB2-4929-973C-6734B2D51A01} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2013-06-26] (Mozilla Corporation)
Task: {209A37E2-AAB0-43AA-A6EB-C869E7649030} - System32\Tasks\DealPlyLiveUpdateTaskMachineCore => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-07-17] (DealPly Technologies Ltd)
Task: {285211F7-E679-4817-B9AA-7782F1B22ACE} - System32\Tasks\Plus-HD-2.3-enabler => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-enabler.exe [2013-07-17] (Plus HD)
Task: {2888FF4E-6889-4971-B97D-B1406289CFF4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-19] (Adobe Systems Incorporated)
Task: {3BA8F337-33EA-4CD4-B71E-1D7D465B280F} - System32\Tasks\{499A8193-2055-43A8-9A8F-3202D46E533E} => C:\Users\USERXXX\Downloads\falzass.exe No File
Task: {430919BF-A382-4E77-A84C-BC2D874FFF0C} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {60A342AF-9AD8-47ED-A1DC-39111D92845C} - System32\Tasks\{95471265-75C3-468E-B578-AEC471E02A53} => C:\Programme\Schroedel\Chemie heute SII\bin\Release\LearnWeb.exe No File
Task: {6E4D937B-F87B-4EE4-A39F-5B07A703CEBA} - System32\Tasks\{04AE94F7-62EB-427C-BDE9-D5EDD0FE68A5} => D:\eFilmLt.exe No File
Task: {70058DEA-A7AD-4670-9220-C2518014EE03} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3958744611-970375325-1774594619-1000Core => C:\Users\USERXXX\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-23] (Google Inc.)
Task: {723EAC2D-298E-473F-8714-00BA755DD031} - System32\Tasks\Plus-HD-2.3-chromeinstaller => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe [2013-07-17] (Plus HD)
Task: {73DFCA14-ADD4-4779-844A-84009FABFCBD} - System32\Tasks\{B6DCA215-F5B9-493E-BFD1-3111B1C65E43} => D:\eFilmLt.exe No File
Task: {7EA95E01-2867-4F1A-9099-6ECA9F8A88E4} - System32\Tasks\{A8E76163-FFAE-4EF8-BDBD-FAF9BCC747E7} => D:\eFilmLt.exe No File
Task: {80EEDB1B-664E-4529-B4C7-436A4FB66F7C} - System32\Tasks\{71634EA8-FC7F-4457-B79E-A0A7E5C581C4} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-02-07] (Skype Technologies S.A.)
Task: {8414D22F-995A-4A8E-B4E4-12ED33F6C817} - System32\Tasks\DealPlyLiveUpdateTaskMachineUA => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-07-17] (DealPly Technologies Ltd)
Task: {84FB056C-BB9F-41BC-BCE4-C37272961973} - System32\Tasks\Plus-HD-2.3-updater => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-updater.exe [2013-07-17] (Plus HD)
Task: {8993978B-C7AB-4461-B334-AEBDCD6AF1C2} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {8C2CE0E3-C229-4123-975C-4595C5A2C0C7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3958744611-970375325-1774594619-1000UA => C:\Users\USERXXX\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-23] (Google Inc.)
Task: {90C5EB26-693F-4CFF-B9DD-588A2D64C7A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02] (Google Inc.)
Task: {9122BB62-AAA3-4A51-B966-BCA2833FDE25} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2000-01-01] (Microsoft Corporation)
Task: {A8A35AFE-E6A7-44A9-A548-6BD0942F2DEB} - System32\Tasks\{B4107D40-FD9F-4858-902E-A6CDBC9A35C8} => D:\eFilmLt.exe No File
Task: {B5C3EBD2-C926-4FE7-B493-F1C69A7483FA} - System32\Tasks\{83B7F3DE-AC76-46CD-8B75-1310E3CE9E6D} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2013-06-26] (Mozilla Corporation)
Task: {C3009187-638D-44D4-BF34-EEA2B0D1A2AD} - System32\Tasks\{9D6125B0-6D08-4580-855A-219B09623C33} => D:\eFilmLt.exe No File
Task: {C476B9BD-F684-4C4B-B854-9451B1B611A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02] (Google Inc.)
Task: {C7C36EB4-E38C-48CB-98A9-25EBF5AFE49C} - System32\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A} => C:\Users\USERXXX\AppData\Local\Temp\Ery.exe No File
Task: {D3B2E2A5-429D-4EA2-ABE7-A66DA564784E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {E89E98D8-27AC-42E9-87C8-B9CF28604C86} - System32\Tasks\{9939550A-9450-4F50-82B9-238B9BC637F0} => C:\Users\USERXXX\Virtual Machines\DKII_German\German\Setup\SETUP.EXE [1999-02-16] (InstallShield Software Corporation)
Task: {F8E497D4-8EF3-44EC-8406-B90B937B308B} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3958744611-970375325-1774594619-1000Core.job => C:\Users\USERXXX\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3958744611-970375325-1774594619-1000UA.job => C:\Users\USERXXX\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-2.3-enabler.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-2.3-updater.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-updater.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2013 00:09:04 AM) (Source: Application Hang) (User: )
Description: Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 16f4

Startzeit: 01ce84cbe23c233b

Endzeit: 0

Anwendungspfad: C:\Users\USERXXX\Desktop\OTL.exe

Berichts-ID: bb1bbc90-f0bf-11e2-bd2d-bc054301286b

Error: (07/17/2013 03:22:51 PM) (Source: MsiInstaller) (User: Pandorum)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\GoogleUpdateHelper.msi

Error: (07/17/2013 02:34:05 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b
Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00173668
ID des fehlerhaften Prozesses: 0x13e0
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/13/2013 03:48:56 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Fireworks.exe, Version: 11.0.0.484, Zeitstempel: 0x4bb074c9
Name des fehlerhaften Moduls: QuickTime.qts_unloaded, Version: 0.0.0.0, Zeitstempel: 0x50890e53
Ausnahmecode: 0xc0000005
Fehleroffset: 0x5450cce9
ID des fehlerhaften Prozesses: 0x102c
Startzeit der fehlerhaften Anwendung: 0xFireworks.exe0
Pfad der fehlerhaften Anwendung: Fireworks.exe1
Pfad des fehlerhaften Moduls: Fireworks.exe2
Berichtskennung: Fireworks.exe3

Error: (07/10/2013 05:37:08 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/10/2013 05:37:08 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/10/2013 05:37:08 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/10/2013 05:37:08 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (07/10/2013 05:37:07 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/10/2013 05:37:07 PM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)


System errors:
=============
Error: (07/20/2013 00:02:15 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/20/2013 00:01:48 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/19/2013 11:22:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/19/2013 11:22:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/19/2013 11:21:10 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/19/2013 08:27:30 PM) (Source: DCOM) (User: )
Description: {F48FC5B2-094A-44C7-B48C-289738C9582D}

Error: (07/19/2013 07:53:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/19/2013 07:53:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/19/2013 02:51:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/19/2013 02:51:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (07/20/2013 00:09:04 AM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.016f401ce84cbe23c233b0C:\Users\USERXXX\Desktop\OTL.exebb1bbc90-f0bf-11e2-bd2d-bc054301286b

Error: (07/17/2013 03:22:51 PM) (Source: MsiInstaller)(User: Pandorum)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\GoogleUpdateHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/17/2013 02:34:05 PM) (Source: Application Error)(User: )
Description: firefox.exe22.0.0.491751c06b1bxul.dll22.0.0.491751c06a5bc00000050017366813e001ce82e80528b916C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll2a9cffe7-eedd-11e2-8685-bc054301286b

Error: (07/13/2013 03:48:56 PM) (Source: Application Error)(User: )
Description: Fireworks.exe11.0.0.4844bb074c9QuickTime.qts_unloaded0.0.0.050890e53c00000055450cce9102c01ce7fcd58fe187dC:\Program Files (x86)\Adobe\Adobe Fireworks CS5\Fireworks.exeQuickTime.qtsf5faced0-ebc2-11e2-95c8-bc054301286b

Error: (07/10/2013 05:37:08 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/10/2013 05:37:08 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/10/2013 05:37:08 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/10/2013 05:37:08 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (07/10/2013 05:37:07 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (07/10/2013 05:37:07 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)


==================== Memory info =========================== 

Percentage of memory in use: 41%
Total physical RAM: 4093.49 MB
Available physical RAM: 2413.43 MB
Total Pagefile: 8185.17 MB
Available Pagefile: 6286.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.63 GB) (Free:495.97 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: (SII_10TH_A) (CDROM) (Total:0.6 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 18ED4C26)
Partition 1: (Active) - (Size=699 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 20.07.2013, 05:08   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Instant Savings im Browser (bei FB, ebay ...) - Standard

Instant Savings im Browser (bei FB, ebay ...)



Hallo und

Zitat:
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Warum hast du eine Ultimate-Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?


Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!


Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 21.07.2013, 19:42   #3
herpedia
 
Instant Savings im Browser (bei FB, ebay ...) - Standard

Instant Savings im Browser (bei FB, ebay ...)



Der Rechner wird sowohl beruflich als auch privat genutzt...

Andere Logs hab ich leider nicht. Als Anti-Viren-Programm nutz ich "Avira Antivirus". Funde gab es bisher nie.

Was soll ich am besten als nächstes tun?
__________________

Alt 22.07.2013, 00:15   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Instant Savings im Browser (bei FB, ebay ...) - Ausrufezeichen

Instant Savings im Browser (bei FB, ebay ...)



Zitat:
Der Rechner wird sowohl beruflich als auch privat genutzt...
Bitte lesen => http://www.trojaner-board.de/108422-...-anfragen.html

Zitat:
Bedenkt jedoch, dass Logfiles viele heikle Informationen enthalten können ( Kundendaten, Bankdaten, etc ) sowie das Malware die Möglichkeit besitzt, diese auszuspähen und zu missbrauchen. Hier legen wir euch ein Formatieren und Neuaufsetzen nahe.


3. Grundsätzlich bereinigen wir keine gewerblich genutzten Rechner. Dafür ist die IT Abteilung eurer Firma zuständig.

Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne ( kleine Spende hilft auch uns ).
Voraussetzung: Ihr teilt uns dies in eurer ersten Antwort mit.
Gelesen und verstanden?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.07.2013, 08:26   #5
herpedia
 
Instant Savings im Browser (bei FB, ebay ...) - Standard

Instant Savings im Browser (bei FB, ebay ...)



Da ich Kleinunternehmer bin und auch nur ich allein an dem PC arbeite, hab ich leider auch keine IT Abteilung


Alt 22.07.2013, 23:01   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Instant Savings im Browser (bei FB, ebay ...) - Standard

Instant Savings im Browser (bei FB, ebay ...)



Du hast den extra farblich hervorgehobenen Teil gelesen und verstanden?
__________________
--> Instant Savings im Browser (bei FB, ebay ...)

Alt 23.07.2013, 09:08   #7
herpedia
 
Instant Savings im Browser (bei FB, ebay ...) - Standard

Instant Savings im Browser (bei FB, ebay ...)



Ja, habe ich. Sensible Daten/Kundendaten befinden sich nicht auf meinem Rechner, ich wäre daher froh, wenn ich um das Formatieren rum kommen würde.

Alt 24.07.2013, 00:19   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Instant Savings im Browser (bei FB, ebay ...) - Standard

Instant Savings im Browser (bei FB, ebay ...)



Ok

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.07.2013, 09:46   #9
herpedia
 
Instant Savings im Browser (bei FB, ebay ...) - Standard

Instant Savings im Browser (bei FB, ebay ...)



Hallo und vielen Dank schon mal für die Hilfestellung.

Hier die gewünschten Logs:

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-24 09:19:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Scsi\JRAID1Port0Path0Target0Lun0 SAMSUNG_ rev.9035 698,64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Dominik\AppData\Local\Temp\uflcapob.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\SysWOW64\svchost.exe[1692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                          0000000076281465 2 bytes [28, 76]
.text   C:\Windows\SysWOW64\svchost.exe[1692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                         00000000762814bb 2 bytes [28, 76]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 0000000076281465 2 bytes [28, 76]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000762814bb 2 bytes [28, 76]
.text   ...                                                                                                                                                    * 2
.text   c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2352] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                     0000000076281465 2 bytes [28, 76]
.text   c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2352] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                    00000000762814bb 2 bytes [28, 76]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076281465 2 bytes [28, 76]
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000762814bb 2 bytes [28, 76]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000076281465 2 bytes [28, 76]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 00000000762814bb 2 bytes [28, 76]
.text   ...                                                                                                                                                    * 2
.text   C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                 0000000076281465 2 bytes [28, 76]
.text   C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                00000000762814bb 2 bytes [28, 76]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1276] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint                             0000000076f5000c 1 byte [C3]
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1276] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                        0000000076fdf85a 5 bytes JMP 0000000176f8d571
.text   C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe[764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                  0000000076281465 2 bytes [28, 76]
.text   C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe[764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                 00000000762814bb 2 bytes [28, 76]
.text   ...                                                                                                                                                    * 2

---- Threads - GMER 2.1 ----

Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:1908]                                                                0000000076f93e45
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:1940]                                                                0000000076f92e25
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:1976]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:1980]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:1984]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:1996]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:2000]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:2024]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:2028]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:2032]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:2036]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:1100]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:1844]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:1800]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:1948]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:2296]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:2300]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:2304]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:2316]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:2320]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:2324]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:2328]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:2396]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:2432]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:2440]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:2516]                                                                0000000076f93e45
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:2596]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:2600]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:2604]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:2608]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:2612]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:2704]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:2740]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:3324]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:3328]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:3332]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:3308]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:3304]                                                                00000000719129e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1856:3312]                                                                00000000719129e1

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                       
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                    0x4E 0x5F 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                    0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                 0x1D 0xEC 0xEA 0x36 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                   
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                        0x4E 0x5F 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                        0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                     0x1D 0xEC 0xEA 0x36 ...

---- EOF - GMER 2.1 ----
         
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.24.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Dominik :: PANDORUM [administrator]

24.07.2013 09:34:29
mbar-log-2013-07-24 (09-34-29).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 328175
Time elapsed: 1 hour(s), 6 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Alt 24.07.2013, 14:44   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Instant Savings im Browser (bei FB, ebay ...) - Standard

Instant Savings im Browser (bei FB, ebay ...)



Unauffällig...

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.07.2013, 16:18   #11
herpedia
 
Instant Savings im Browser (bei FB, ebay ...) - Standard

Instant Savings im Browser (bei FB, ebay ...)



Hier schon mal die JRT.txt

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows 7 Ultimate x64
Ran by Dominik on 24.07.2013 at 16:40:03,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] dealplylive 
Successfully deleted: [Service] dealplylive 
Successfully stopped: [Service] dealplylivem 
Successfully deleted: [Service] dealplylivem 



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\dealplylive.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{4d076ab4-7562-427a-b5d2-bd96e19dee56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{80fabb17-63af-4655-9f07-b6509ee37af2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{bdb69379-802f-4eaf-b541-f8de92dd98db}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{ea28b360-05e0-4f93-8150-02891f1d8d3c}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{f48fc5b2-094a-44c7-b48c-289738c9582d}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{0d89de71-3d99-4288-84dc-f18f1047a7d8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{1e0c9b2a-6447-452c-b012-2314a0c29412}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{34a8ceb6-89bb-49f1-b5e4-0d0d6c21f3b1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{3a4dbd3a-98cc-41ce-ad21-352d42b6f754}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{4f8a50f6-69de-4be3-a33a-a1079b9ac0db}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{501cb57a-d4e2-4855-96ad-edb0a9083395}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{66eef543-a9ac-4a9d-aa3c-1ed148ac8eee}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{6ff2c4dd-77a4-4bb5-ba4c-b42defbf9137}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{7f1796b2-bec6-427b-b734-f9c75ed94a80}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{80fabb17-63af-4655-9f07-b6509ee37af2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{826d7151-8d99-434b-8540-082b8c2ae556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{83aba270-8390-4ca6-ae48-fc089f55629e}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{8b218a5f-1a3d-4347-94ef-a79575eb8094}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{8c338ddb-19fc-4c1f-b74d-6931ee55f7a1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{9bdb5e09-4bba-4422-8c2b-529b281c32b8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{ae48ed75-5a56-4c5f-bbce-6f1ac3875f66}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{c536f080-57b7-46d6-8894-c647553f2889}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{ca5d945f-e738-4d0b-a0b5-25ac51c64659}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{f48fc5b2-094a-44c7-b48c-289738c9582d}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{f7698761-4aba-45c2-a5bb-d2163922c725}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{ffcc53e6-2655-47fc-a89b-54e8d7f305d1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplylive.oneclickctrl.9
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplylive.oneclickprocesslaunchermachine
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplylive.oneclickprocesslaunchermachine.1.0
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplylive.update3webcontrol.3
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.cocreateasync
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.cocreateasync.1.0
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.coreclass
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.coreclass.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.coremachineclass
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.coremachineclass.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.credentialdialogmachine
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.credentialdialogmachine.1.0
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclassmachine
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclassmachine.1.0
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclassmachinefallback
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclassmachinefallback.1.0
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclasssvc
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclasssvc.1.0
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.processlauncher
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.processlauncher.1.0
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3comclassservice
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3comclassservice.1.0
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3webmachine
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3webmachine.1.0
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3webmachinefallback
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3webmachinefallback.1.0
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3websvc
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3websvc.1.0
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{66eef543-a9ac-4a9d-aa3c-1ed148ac8eee}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mime\database\content type\application/x-vnd.dpliveupdate.oneclickctrl.9
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mime\database\content type\application/x-vnd.dpliveupdate.update3webcontrol.3
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{11549fe4-7c5a-4c17-9fc3-56fc5162a994}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealply
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealply
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yourfiledownloader
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\oneclick
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\oneclickmg
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\internet explorer\low rights\elevationpolicy\{7f1796b2-bec6-427b-b734-f9c75ed94a80}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\internet explorer\low rights\elevationpolicy\{8c338ddb-19fc-4c1f-b74d-6931ee55f7a1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilivid_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilivid_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\privitizevpn_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\privitizevpn_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows nt\currentversion\image file execution options\dealplylive.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0033426.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0033426.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0033426.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0033426.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110311341126}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322342226}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550355345526}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366346626}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110311341126}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322342226}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550355345526}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660366346626}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0033426.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0033426.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0033426.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0033426.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345526}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346626}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550355345526}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660366346626}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311341126}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\dealplylive"
Successfully deleted: [Folder] "C:\Users\Dominik\AppData\Roaming\dealply"
Successfully deleted: [Folder] "C:\Users\Dominik\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Dominik\AppData\Roaming\yourfiledownloader"
Successfully deleted: [Folder] "C:\Users\Dominik\appdata\local\dealplylive"
Successfully deleted: [Folder] "C:\Users\Dominik\appdata\local\downtango"
Successfully deleted: [Folder] "C:\Program Files (x86)\dealply"
Successfully deleted: [Folder] "C:\Program Files (x86)\dealplylive"
Successfully deleted: [Folder] "C:\Users\Dominik\AppData\Roaming\microsoft\windows\start menu\programs\dealply"
Successfully deleted: [Empty Folder] C:\Users\Dominik\appdata\local\{27928880-D536-4630-997B-8308B4D6D9F3}
Successfully deleted: [Empty Folder] C:\Users\Dominik\appdata\local\{41418565-78C3-4A1C-BC86-0979077CADE3}



~~~ FireFox

Successfully deleted: [File] C:\Users\Dominik\AppData\Roaming\mozilla\firefox\profiles\v4fwmwdp.default\user.js
Successfully deleted: [Folder] C:\Users\Dominik\AppData\Roaming\mozilla\firefox\profiles\v4fwmwdp.default\jetpack
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Successfully deleted the following from C:\Users\Dominik\AppData\Roaming\mozilla\firefox\profiles\v4fwmwdp.default\prefs.js

user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.backgroundjs", "\n\n/****************************************************
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.internaldb.cache/530e52021dc20843b1aa62957edeb9f8.value", "%22var%20adsDe
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.internaldb.cache/5cdf8a7ef2ec84abac286c67587b78d9.value", "%22function%20
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.internaldb.cache/d5baae4ef839769f8eb7e9f9d82d8a40_DE.value", "%22var%20ca
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.internaldb.cache/d9fe5d2850f1ed167451b193e8bd0e0c_DE.value", "%22var%20ca
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.js", "\n\n  /************************************************************
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_104.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_13.name", "CrossriderAppUtils");
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBack
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQu
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],regi
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){va
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.res
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jqu
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_91.code", "(function(h){var o=(function(){var Q=0;var Y=\"
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"unde
user_pref("extensions.crossrider.bic", "13fecd4a553b0ee61395921eb919cb25");
user_pref("extensions.swPlugin.statusbarelements-blekkohostrank.state", false);
user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBlogs\" t
user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\"
user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchScholar
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/
Emptied folder: C:\Users\Dominik\AppData\Roaming\mozilla\firefox\profiles\v4fwmwdp.default\minidumps [618 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hphibigbodkkohoglgfkddblldpfohjl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.07.2013 at 16:43:06,84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Hier die AdwCleaner.txt:
Code:
ATTFilter
# AdwCleaner v2.306 - Datei am 24/07/2013 um 16:47:16 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Dominik - PANDORUM
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Dominik\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Windows\tasks\Plus-HD-2.3-chromeinstaller.job
Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job
Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.3-enabler.job
Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job
Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.3-updater.job
Ordner Gelöscht : C:\Program Files (x86)\Plus-HD-2.3
Ordner Gelöscht : C:\Program Files (x86)\Red Sky
Ordner Gelöscht : C:\Program Files (x86)\TornTV.com
Ordner Gelöscht : C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec
Ordner Gelöscht : C:\Users\Dominik\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Dominik\AppData\LocalLow\softonic-de3
Ordner Gelöscht : C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Alexa Internet
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\v4fwmwdp.default\prefs.js

Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [14005 octets] - [19/07/2013 21:03:51]
AdwCleaner[S1].txt - [333 octets] - [19/07/2013 21:05:42]
AdwCleaner[S2].txt - [4393 octets] - [24/07/2013 16:47:16]

########## EOF - C:\AdwCleaner[S2].txt - [4453 octets] ##########
         
So, und hier der Rest:

Code:
ATTFilter
OTL logfile created on: 24.07.2013 16:54:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dominik\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 58,37% Memory free
7,99 Gb Paging File | 6,30 Gb Available in Paging File | 78,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,63 Gb Total Space | 494,50 Gb Free Space | 70,78% Space Free | Partition Type: NTFS
Drive D: | 612,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PANDORUM | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dominik\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Dominik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Windows\SysWOW64\XSrvSetup.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (V0540Dev) -- C:\Windows\SysNative\drivers\V0540Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\drivers\fwlanusbn.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV - (SSPORT) -- C:\Windows\SysWOW64\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3958744611-970375325-1774594619-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.zona-de-galgos.de/
IE - HKU\S-1-5-21-3958744611-970375325-1774594619-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3958744611-970375325-1774594619-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3958744611-970375325-1774594619-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 40 87 5F 30 9D CB 01  [binary data]
IE - HKU\S-1-5-21-3958744611-970375325-1774594619-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKU\S-1-5-21-3958744611-970375325-1774594619-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3958744611-970375325-1774594619-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3958744611-970375325-1774594619-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3958744611-970375325-1774594619-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
IE - HKU\S-1-5-21-3958744611-970375325-1774594619-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
 
IE - HKU\S-1-5-21-3958744611-970375325-1774594619-1005\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: 7125a285-7e68-47aa-9d72-e81874f4d47e%40d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com:0.91.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: jl@leimbach-it.de:2.5
FF - prefs.js..extensions.enabledItems: seostatus@rubyweb:1.5.7
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dominik\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dominik\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.08.19 12:19:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.07.19 10:16:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.19 10:16:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.07.19 10:16:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.07.19 10:16:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.19 10:16:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.07.19 10:16:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.04.07 15:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\Extensions
[2010.11.28 22:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.07 15:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.07.23 16:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\Firefox\Profiles\v4fwmwdp.default\extensions
[2013.07.23 16:06:42 | 000,000,000 | ---D | M] ("Plus-HD-2.3") -- C:\Users\Dominik\AppData\Roaming\mozilla\Firefox\Profiles\v4fwmwdp.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com
[2013.07.23 16:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\Firefox\Profiles\v4fwmwdp.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\extensionCode
[2013.07.03 13:00:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.07.03 13:00:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.mediterrane-landschildkroeten.de/
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2010.12.09 07:50:14 | 000,001,254 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com
O1 - Hosts: 127.0.0.1 hh-software.com
O1 - Hosts: 17 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3958744611-970375325-1774594619-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-3958744611-970375325-1774594619-1000..\Run: [Akamai NetSession Interface] C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3958744611-970375325-1774594619-1000..\Run: [Spotify Web Helper] C:\Users\Dominik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3958744611-970375325-1774594619-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3958744611-970375325-1774594619-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3958744611-970375325-1774594619-1000\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///D:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///D:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///D:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///D:/viewer/ORDcmViewCD.ocx (ORDcmViewCD Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AA4DFE5-4739-4284-B348-A6BE29955389}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90F920DD-70BE-4100-8C05-B91CDBBCF7C5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97ADAE99-991E-4E1E-B751-402DF2A569F6}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.08.23 15:07:39 | 000,778,240 | R--- | M] (Funatics Studio alpha Ltd. & Co. KG) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.07.17 15:52:00 | 000,000,068 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{17452ba4-0498-11e0-b381-bc054301286b}\Shell - "" = AutoRun
O33 - MountPoints2\{17452ba4-0498-11e0-b381-bc054301286b}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{3bbc047a-fb02-11df-9f79-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3bbc047a-fb02-11df-9f79-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2006.08.23 15:07:39 | 000,778,240 | R--- | M] (Funatics Studio alpha Ltd. & Co. KG)
O33 - MountPoints2\{6e59b409-531f-11e2-bd6a-00241d74b654}\Shell - "" = AutoRun
O33 - MountPoints2\{6e59b409-531f-11e2-bd6a-00241d74b654}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6e59b41b-531f-11e2-bd6a-00241d74b654}\Shell - "" = AutoRun
O33 - MountPoints2\{6e59b41b-531f-11e2-bd6a-00241d74b654}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d4e4449f-fb02-11df-a917-00241d74b654}\Shell - "" = AutoRun
O33 - MountPoints2\{d4e4449f-fb02-11df-a917-00241d74b654}\Shell\AutoRun\command - "" = E:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.24 16:40:01 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.07.24 16:38:44 | 000,560,934 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Dominik\Desktop\JRT.exe
[2013.07.24 09:34:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.07.24 09:33:08 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Desktop\mbar-1.06.0.1004
[2013.07.20 00:10:30 | 000,000,000 | ---D | C] -- C:\FRST
[2013.07.20 00:09:59 | 001,779,345 | ---- | C] (Farbar) -- C:\Users\Dominik\Desktop\FRST64.exe
[2013.07.20 00:00:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dominik\Desktop\OTL.exe
[2013.07.19 20:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.07.19 20:15:32 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\Programs
[2013.07.19 20:10:59 | 036,271,144 | ---- | C] (Safer-Networking Ltd.                                       ) -- C:\Users\Dominik\Desktop\spybot-2.1.exe
[2013.07.19 14:52:47 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\S2
[2013.07.19 14:52:42 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\S2
[2013.07.19 14:52:30 | 000,000,000 | RH-D | C] -- C:\Users\Dominik\AppData\Roaming\SecuROM
[2013.07.19 12:48:22 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013.07.19 12:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013.07.19 12:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2013.07.19 10:17:46 | 000,312,232 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.07.19 10:17:42 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.07.19 10:17:42 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.07.19 10:17:42 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.07.19 10:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.07.19 10:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.07.19 10:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.07.19 10:15:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.07.19 10:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.07.17 15:01:28 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Desktop\herpedia
[2013.07.17 15:00:43 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\IT-Service Christian Hau (www.a-bit-more.de)
[2013.07.17 14:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeware Faktura
[2013.07.13 10:27:58 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Desktop\Schulunterricht
[2013.07.10 17:54:40 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.07.10 17:54:40 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.07.10 17:54:39 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.07.10 17:54:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.07.10 17:54:39 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.07.10 17:54:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.07.10 17:54:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.07.10 17:54:39 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.07.10 17:54:39 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.07.10 17:54:39 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.07.10 17:54:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.07.10 17:54:38 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.07.10 17:54:38 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.07.10 17:54:38 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.07.10 17:54:37 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.07.10 10:53:48 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013.07.10 10:53:48 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013.07.10 10:53:47 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013.07.10 10:53:47 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013.07.10 10:53:09 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.07.03 13:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.07.02 15:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.07.02 15:48:17 | 027,781,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.07.02 15:48:17 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.07.02 15:48:17 | 021,102,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.07.02 15:48:17 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.07.02 15:48:17 | 015,144,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.07.02 15:48:17 | 013,411,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.07.02 15:48:17 | 009,239,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.07.02 15:48:17 | 007,687,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.07.02 15:48:17 | 007,641,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.07.02 15:48:17 | 006,324,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.07.02 15:48:17 | 002,953,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.07.02 15:48:17 | 002,777,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.07.02 15:48:17 | 002,363,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.07.02 15:48:17 | 002,002,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.07.02 15:48:17 | 001,832,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6432049.dll
[2013.07.02 15:48:17 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6432049.dll
[2013.07.02 15:48:17 | 000,572,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013.07.02 15:48:17 | 000,570,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013.07.02 15:48:17 | 000,467,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013.07.02 15:48:17 | 000,465,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013.07.02 14:56:20 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\NVIDIA
[2013.06.27 13:44:47 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Desktop\Werbung
[2013.06.26 14:26:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.24 17:08:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3958744611-970375325-1774594619-1000UA.job
[2013.07.24 16:57:37 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.24 16:57:37 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.24 16:50:51 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineCore.job
[2013.07.24 16:50:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.24 16:50:18 | 3219,251,200 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.24 16:46:10 | 000,666,633 | ---- | M] () -- C:\Users\Dominik\Desktop\adwcleaner.exe
[2013.07.24 16:38:51 | 000,560,934 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Dominik\Desktop\JRT.exe
[2013.07.24 15:27:18 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineUA.job
[2013.07.24 15:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.24 11:48:35 | 000,025,572 | ---- | M] () -- C:\Users\Dominik\Desktop\1001202_518585404889955_1363221817_n.jpg
[2013.07.24 09:32:58 | 013,399,154 | ---- | M] () -- C:\Users\Dominik\Desktop\mbar-1.06.0.1004.zip
[2013.07.24 09:10:31 | 000,377,856 | ---- | M] () -- C:\Users\Dominik\Desktop\gmer_2.1.19163.exe
[2013.07.20 00:10:11 | 001,779,345 | ---- | M] (Farbar) -- C:\Users\Dominik\Desktop\FRST64.exe
[2013.07.20 00:00:44 | 000,000,020 | ---- | M] () -- C:\Users\Dominik\defogger_reenable
[2013.07.20 00:00:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dominik\Desktop\OTL.exe
[2013.07.19 23:59:59 | 000,050,477 | ---- | M] () -- C:\Users\Dominik\Desktop\Defogger.exe
[2013.07.19 23:43:44 | 000,040,897 | ---- | M] () -- C:\Users\Dominik\Desktop\51KFkdjqc7L.jpg
[2013.07.19 23:41:04 | 000,341,780 | ---- | M] () -- C:\Users\Dominik\Desktop\91RWt02P77L._SL1500_.jpg
[2013.07.19 23:39:18 | 000,123,234 | ---- | M] () -- C:\Users\Dominik\Desktop\71svFn3Cg-L._SL1000_.jpg
[2013.07.19 23:21:05 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2013.07.19 21:06:13 | 000,009,216 | ---- | M] () -- C:\Users\Dominik\Desktop\cc_20130719_210610.reg
[2013.07.19 20:15:42 | 036,271,144 | ---- | M] (Safer-Networking Ltd.                                       ) -- C:\Users\Dominik\Desktop\spybot-2.1.exe
[2013.07.19 12:48:23 | 000,002,548 | ---- | M] () -- C:\Users\Dominik\Desktop\Die Siedler II - Die nächste Generation - Karteneditor.lnk
[2013.07.19 12:48:23 | 000,002,502 | ---- | M] () -- C:\Users\Dominik\Desktop\Die Siedler II - Die nächste Generation.lnk
[2013.07.19 10:28:48 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.07.19 10:28:48 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.07.19 10:17:40 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.07.19 10:17:39 | 001,093,032 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.07.19 10:17:39 | 000,972,712 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.07.19 10:17:39 | 000,312,232 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.07.19 10:17:39 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.07.19 10:17:39 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.07.18 09:56:08 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013.07.17 15:46:26 | 000,011,492 | ---- | M] () -- C:\Users\Dominik\Desktop\cc_20130717_154623.reg
[2013.07.17 15:33:02 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.07.13 15:11:04 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.13 15:11:03 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.13 07:08:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3958744611-970375325-1774594619-1000Core.job
[2013.07.12 21:47:19 | 000,340,067 | ---- | M] () -- C:\Users\Dominik\Desktop\dpg_logo_pepsi.png
[2013.07.10 19:52:09 | 005,086,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.10 18:01:39 | 001,789,904 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.10 18:01:39 | 000,756,778 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.10 18:01:39 | 000,700,498 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.10 18:01:39 | 000,173,252 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.10 18:01:39 | 000,140,106 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.06 11:08:38 | 001,853,805 | ---- | M] () -- C:\Users\Dominik\Desktop\SCAN0604.JPG
[2013.07.06 11:07:24 | 002,963,656 | ---- | M] () -- C:\Users\Dominik\Desktop\SCAN0603.JPG
[2013.07.02 17:32:04 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.24 11:48:35 | 000,025,572 | ---- | C] () -- C:\Users\Dominik\Desktop\1001202_518585404889955_1363221817_n.jpg
[2013.07.24 09:32:05 | 013,399,154 | ---- | C] () -- C:\Users\Dominik\Desktop\mbar-1.06.0.1004.zip
[2013.07.24 09:10:30 | 000,377,856 | ---- | C] () -- C:\Users\Dominik\Desktop\gmer_2.1.19163.exe
[2013.07.20 00:00:44 | 000,000,020 | ---- | C] () -- C:\Users\Dominik\defogger_reenable
[2013.07.19 23:59:59 | 000,050,477 | ---- | C] () -- C:\Users\Dominik\Desktop\Defogger.exe
[2013.07.19 23:43:44 | 000,040,897 | ---- | C] () -- C:\Users\Dominik\Desktop\51KFkdjqc7L.jpg
[2013.07.19 23:41:03 | 000,341,780 | ---- | C] () -- C:\Users\Dominik\Desktop\91RWt02P77L._SL1500_.jpg
[2013.07.19 23:39:18 | 000,123,234 | ---- | C] () -- C:\Users\Dominik\Desktop\71svFn3Cg-L._SL1000_.jpg
[2013.07.19 23:21:02 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2013.07.19 21:06:12 | 000,009,216 | ---- | C] () -- C:\Users\Dominik\Desktop\cc_20130719_210610.reg
[2013.07.19 21:02:27 | 000,666,633 | ---- | C] () -- C:\Users\Dominik\Desktop\adwcleaner.exe
[2013.07.19 12:48:23 | 000,002,548 | ---- | C] () -- C:\Users\Dominik\Desktop\Die Siedler II - Die nächste Generation - Karteneditor.lnk
[2013.07.19 12:48:23 | 000,002,502 | ---- | C] () -- C:\Users\Dominik\Desktop\Die Siedler II - Die nächste Generation.lnk
[2013.07.19 10:15:35 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.07.18 09:56:08 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013.07.17 15:46:25 | 000,011,492 | ---- | C] () -- C:\Users\Dominik\Desktop\cc_20130717_154623.reg
[2013.07.17 15:22:48 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineUA.job
[2013.07.17 15:22:48 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineCore.job
[2013.07.06 11:08:38 | 001,853,805 | ---- | C] () -- C:\Users\Dominik\Desktop\SCAN0604.JPG
[2013.07.06 11:07:24 | 002,963,656 | ---- | C] () -- C:\Users\Dominik\Desktop\SCAN0603.JPG
[2013.06.10 22:19:11 | 000,001,409 | ---- | C] () -- C:\Users\Dominik\AppData\Local\recently-used.xbel
[2013.05.15 20:23:07 | 000,000,285 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013.03.11 13:54:51 | 000,029,515 | ---- | C] () -- C:\Users\Dominik\USt2012_Dominik_Müller.elfo
[2013.03.08 16:00:56 | 000,049,826 | ---- | C] () -- C:\Users\Dominik\ESt2012_Müller_Dominik.elfo
[2013.03.08 15:56:53 | 000,034,593 | ---- | C] () -- C:\Users\Dominik\EUER2012_Müller_Dominik.elfo
[2012.12.18 11:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.11.08 01:30:44 | 000,000,142 | ---- | C] () -- C:\Windows\_delis32.ini
[2012.10.03 14:09:19 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.09.06 20:57:43 | 000,000,051 | ---- | C] () -- C:\ProgramData\zcbxuurjfzwsbad
[2012.08.08 15:21:03 | 000,031,622 | ---- | C] () -- C:\Users\Dominik\USt2011_Dominik_Müller.elfo
[2012.05.28 21:28:48 | 000,048,398 | ---- | C] () -- C:\Users\Dominik\ESt2011_Müller_Dominik.elfo
[2012.05.28 21:28:26 | 000,034,740 | ---- | C] () -- C:\Users\Dominik\EUER2011_Müller_Dominik.elfo
[2012.02.16 16:35:38 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.12.31 11:44:32 | 000,072,280 | ---- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2011.12.07 14:47:13 | 000,004,608 | ---- | C] () -- C:\Users\Dominik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.05 12:28:09 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.08.19 12:15:43 | 000,234,712 | ---- | C] () -- C:\Windows\hpoins21.dat
[2011.08.19 12:15:43 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2010.12.15 19:35:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 24.07.2013 16:54:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dominik\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 58,37% Memory free
7,99 Gb Paging File | 6,30 Gb Available in Paging File | 78,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,63 Gb Total Space | 494,50 Gb Free Space | 70,78% Space Free | Partition Type: NTFS
Drive D: | 612,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PANDORUM | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = jsfile] -- Reg Error: Value error. File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.js [@ = jsfile] -- Reg Error: Value error. File not found
 
[HKEY_USERS\S-1-5-21-3958744611-970375325-1774594619-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E313ADA-8C20-4D48-8CB7-C93A55D1FA09}" = lport=139 | protocol=6 | dir=in | app=system | 
"{120C0F3D-4FC4-4990-A7C2-740C5AD6EB91}" = rport=138 | protocol=17 | dir=out | app=system | 
"{203C77BA-6E9E-405C-BED7-977E2F64FE6B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{249B59D7-213D-48A8-8555-48AB627E0038}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2DE14266-D7CA-4ADA-89DF-1BDD6D67BBB9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6085C0A7-EC4A-427C-B5BD-E70661E4D94F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{69E9777B-4D1A-42BF-AE8D-B41FC6637AFF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{761E9361-32EC-4EB9-AEDE-3ACC52C20DA4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7A64FF63-BBD8-4159-853A-7B2EBCC34A38}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{845DAFC4-3CD5-4D33-8BD7-6DD045BE1733}" = lport=49202 | protocol=6 | dir=in | name=akamai netsession interface | 
"{8679158D-EE22-47FB-A2F5-C46AEF71D480}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{86C52F1D-E7B8-48B5-8F57-33051B9D471F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{8C3AE873-9F21-46BC-8F59-E2F682361A03}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{9782A5DB-1E25-417B-9665-053D48FF7601}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9AEFCA38-FA80-435E-AFC5-0612593BE0E2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9EA1BDA1-357D-44F0-85B8-D30A31EE5E3B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A9A97CBD-B5AA-4534-B794-3CC79E3B14E3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B3EDD19F-ED90-4262-B80A-C250CB958F92}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EFB8E514-A57C-4BE7-96CD-8D3E079EA142}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06F577B2-672B-4ED7-BAD1-2607595E06CD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{0771A265-F309-418E-9473-1B62E25A7B7C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{0CBF5C92-5820-477E-9BF2-B10B9C9EBAEA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{106198E6-6B11-457A-ADC3-DD2D417DFB35}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{109F4824-9D35-457D-A185-49229234535F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{11A67EA4-7C55-4C84-BC0B-049C1DB4D7AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"{193B5E6C-C8CB-4595-BC0E-A502B191AA61}" = protocol=17 | dir=in | app=c:\users\dominik\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1BE7E63C-90B6-4DBD-8D81-556BF449F652}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{1BF7A70C-CF6C-4466-A690-F37F9DA1165A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{1F2E736A-111D-4D78-979B-E308CDD1FBB8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{250E4A45-4CC0-465C-A68B-9BAD14200F22}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{284A9827-C921-4721-97CA-1020B252C6CA}" = protocol=17 | dir=in | app=c:\users\dominik\appdata\local\akamai\netsession_win.exe | 
"{2BE6B5B2-06FF-40C7-B4CB-6320172C7CC1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{2E5C11F9-3CCD-4FA1-A6F6-03CEC8BF20F9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{2FF892C1-BFB4-4066-8CC2-3DC9977DC4F8}" = protocol=17 | dir=in | app=c:\games\starcraft ii\starcraft ii.exe | 
"{39421DEC-42D7-45BE-818A-2A851547A624}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{3FF8ED1F-0A8A-4116-9B9F-9D8BDCF715C1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{42419827-7F3E-41E1-984B-F4FF4B44D880}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{4D9153A3-87D6-4481-9EA7-D6652682E101}" = protocol=6 | dir=in | app=c:\games\starcraft ii\starcraft ii.exe | 
"{54E9A363-74C7-4767-871C-8FF144796C0E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{58B6ED4D-0817-4505-A72F-8F405EA8872C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{6B2E862C-2C23-43BD-AE38-BE74C2A7C678}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{710399C3-9955-446F-93F3-F57612F347CF}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{754042EE-B64A-4F09-ADCA-2104E34AEA21}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{755FEAF3-FABF-4E1D-BF3B-249018BB53A3}" = protocol=6 | dir=in | app=c:\users\dominik\appdata\local\akamai\netsession_win.exe | 
"{7686CD15-5C5B-4260-A252-E099A918C53E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7734A564-0FC7-429D-88A9-ECFF7C73E538}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{7ADE1DD7-9E8B-4A4D-84D1-70C31EB1C35E}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{7BC29232-63E9-43ED-881E-FF398F560ED3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{7F3BCB9A-67FA-450D-9212-FFBD0DA9E49C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 
"{8FEBB139-9620-450D-A3F0-CA350237E0F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"{96452DFA-C6FE-4371-BCCD-617ECDDA4030}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A33F1E66-AAC7-46F0-9025-75AAAF355721}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{B655B266-B832-4E74-9083-A8AC7BAEA160}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{B9B93832-03AC-408E-971A-E20478098DD0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{BD47BB51-94A5-4465-B8DE-5C3700BD35FF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{D516922C-02E8-4A06-B829-7264687A15C0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{D6E13802-C9B7-41FD-AB5D-EA38DC8758A9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{DE46B160-90DA-4D58-A5DE-7D646B54B9E2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{E11AB5D9-3F40-4CCB-B42A-6A3C9EEE0A77}" = protocol=6 | dir=in | app=c:\users\dominik\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E3C3826D-7F00-4D8A-BDB7-E997CA291CFA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{E3CF088D-105A-46A2-8EE7-BF0AA0C4E3E0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{E6B9A401-4DA6-4B6D-ACDB-398231EE4570}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{EE52825B-9B58-41DD-97FB-B980E91710F5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{F6BFE451-1D0D-4F3D-A87C-CCE2B11B9C75}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FC2813FB-AE89-4C38-9837-54A533E2A336}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{FC8AE67D-8458-43AE-84E8-F215680637BB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{FDA9AB3B-BDF7-4D0C-94FF-2842968A17DE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"TCP Query User{2584235F-D8B1-41C9-95C0-0C704CEDC04B}C:\users\dominik\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dominik\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{41FC19C8-F480-4344-8E7F-33FBEC63E146}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{4E8A82DD-DB0B-44A6-A11A-664B5D5D9A2D}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | 
"TCP Query User{6721D232-B69C-4DF2-ADDE-2598302E44C4}C:\program files (x86)\tulox\wbuch.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tulox\wbuch.exe | 
"TCP Query User{7B3C4D77-288E-47F5-AB3A-C932FCA6B785}C:\users\dominik\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\dominik\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{822CE10A-3671-4F2D-A033-1486A68C2DA2}C:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{994E2137-DD7B-400E-953C-A0EC877F29EE}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{C492D058-85F4-4D8D-8165-3FE45F1BD0C2}C:\users\dominik\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\dominik\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{DCD2CF95-5F9A-4B56-B21A-BE8A21A36EC5}C:\program files (x86)\tulox\tulox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tulox\tulox.exe | 
"TCP Query User{EC7F93F5-2179-4696-8B36-F2360563FE05}C:\games\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base16939\sc2.exe | 
"UDP Query User{03362F6D-2479-461A-BDC8-AAF6B4216DB2}C:\program files (x86)\tulox\tulox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tulox\tulox.exe | 
"UDP Query User{05A998B3-7325-4267-8909-F26C7C603097}C:\games\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base16939\sc2.exe | 
"UDP Query User{0FDF53C0-4299-47C6-A403-2FD7C236FC81}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{1F6E5A18-65FD-4B88-8E68-877785C37EBD}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{30A09DC4-2D0D-428E-BC34-94321FDA0CDF}C:\users\dominik\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\dominik\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{5D81E69F-923E-44E4-A95F-00CD4B592FE8}C:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{68C22157-F794-4C8D-A606-89AAF1F5155D}C:\users\dominik\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dominik\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{A0AF5FCF-9BCA-45FB-A5B0-7752CBD75226}C:\users\dominik\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\dominik\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{D217D82D-A8D2-4D26-B879-175EE15ED419}C:\program files (x86)\tulox\wbuch.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tulox\wbuch.exe | 
"UDP Query User{FEE4FB36-63B1-42B7-928F-7926D6F12B72}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.49
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 6.4.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C862EC05-1C15-4327-B15D-C7788D6CFF73}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Canon LBP3010/LBP3018/LBP3050" = Canon LBP3010/LBP3018/LBP3050
"CCleaner" = CCleaner
"Creative VF0540" = Creative Live! Cam Video IM/Video Chat (VF0540) (1.01.03.00)
"Defraggler" = Defraggler
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{164965E8-4BB0-4EEB-AFBA-75785A2A2A7F}" = Adobe Fireworks CS5
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{237D22A1-D762-41EC-8F8F-5B0B4DF74BB2}" = Litora in fenestris
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3C611968-5C43-494A-813E-A0A42CAE7575}" = SlimDrivers
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BE88A6-798A-075D-80CF-CC970E912C85}" = Biologie heute CD
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A51F5414-4A2B-45A0-8EF2-B4D29CFBCAE7}" = Deutsche Post E-Porto
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AC76BA86-7AD7-2447-0000-A00000000003}" = Chinese Simplified Fonts Support For Adobe Reader X
"{AC76D478-1033-0000-3478-000000000004}" = Mathcad PDSi viewable support
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BA833BEB-5D9C-4CCD-B070-382F24BD624D}" = Chemie heute SII interaktiv
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D90C9981-0B1C-4836-8275-C173047FCF47}" = EAR 17
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE5926BD-9590-48A3-AB1E-C1C49575823D}" = C7200
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Arclab Web Form Builder_is1" = Arclab Web Form Builder
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.schroedel.bioheuteeinleger" = Biologie heute CD
"Diablo III" = Diablo III
"Digital Editions" = Adobe Digital Editions
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"ElsterFormular 13.1.1.8479u" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.7.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.419
"GSiteCrawler" = GSiteCrawler
"Inkscape" = Inkscape 0.48.3.1
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Mathcad PDSi viewable support" = Mathcad PDSi viewable support
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PDF/X-3 Inspector (Freeware)" = PDF/X-3 Inspector (Freeware)
"Picasa 3" = Picasa 3
"Plus-HD-2.3" = Plus-HD-2.3
"Rechnung4" = Softwarenetz Rechnung4
"S2TNG" = Die Siedler II - Die nächste Generation
"Samsung CLP-320 Series" = Wartung Samsung CLP-320 Series
"StarCraft II" = StarCraft II
"Steam App 218" = Source SDK Base 2007
"Steam App 40390" = Risen 2 - Dark Waters
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TeamViewer 8" = TeamViewer 8
"TomTom HOME" = TomTom HOME 2.8.1.2218
"tulox" = tulox
"Vocup_is1" = Vocup 1.4.3
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3958744611-970375325-1774594619-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 24.07.2013 10:50:26 | Computer Name = Pandorum | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 24.07.2013 10:50:26 | Computer Name = Pandorum | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         

Geändert von herpedia (24.07.2013 um 15:53 Uhr)

Alt 25.07.2013, 02:48   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Instant Savings im Browser (bei FB, ebay ...) - Standard

Instant Savings im Browser (bei FB, ebay ...)



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
[2012.10.03 14:09:19 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.09.06 20:57:43 | 000,000,051 | ---- | C] () -- C:\ProgramData\zcbxuurjfzwsbad
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 25.07.2013, 08:58   #13
herpedia
 
Instant Savings im Browser (bei FB, ebay ...) - Standard

Instant Savings im Browser (bei FB, ebay ...)



Hätte ich das Antivir auch deaktivieren müssen?! Ich glaube, der Zugriff auf die "Host Files" wurde verweigert...

Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Windows\SysWOW64\shortcut_ex.dat moved successfully.
C:\ProgramData\zcbxuurjfzwsbad moved successfully.
ADS C:\Windows:nlsPreferences deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Dominik\Desktop\cmd.bat deleted successfully.
C:\Users\Dominik\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Dominik
->Temp folder emptied: 8181853 bytes
->Temporary Internet Files folder emptied: 1663237 bytes
->Java cache emptied: 3113812 bytes
->FireFox cache emptied: 221715283 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 179430 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 171255 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42310825 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 265,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 07252013_095312

Files\Folders moved on Reboot...
C:\Users\Dominik\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 25.07.2013, 16:46   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Instant Savings im Browser (bei FB, ebay ...) - Standard

Instant Savings im Browser (bei FB, ebay ...)



Sollte schon so ok sein...
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 26.07.2013, 15:08   #15
herpedia
 
Instant Savings im Browser (bei FB, ebay ...) - Standard

Instant Savings im Browser (bei FB, ebay ...)



Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.26.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Dominik :: PANDORUM [Administrator]

26.07.2013 10:47:12
mbam-log-2013-07-26 (10-47-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 443991
Laufzeit: 1 Stunde(n), 43 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f0432cd26b545c43a0ab9a81fdf33bdc
# engine=14536
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-26 12:57:57
# local_time=2013-07-26 02:57:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 16163 240263167 8947 0
# compatibility_mode=5893 16776573 100 94 16178 126473327 0 0
# scanned=415985
# found=2
# cleaned=0
# scan_time=8301
sh=E5E10CDD4AAB404B069D660B4E3CCED225EDB9B7 ft=0 fh=0000000000000000 vn="HTML/Ransom.B trojan" ac=I fn="C:\ProgramData\cslsvnjwjqplcvh\main.html"
sh=E5E10CDD4AAB404B069D660B4E3CCED225EDB9B7 ft=0 fh=0000000000000000 vn="HTML/Ransom.B trojan" ac=I fn="C:\Users\All Users\cslsvnjwjqplcvh\main.html"
         

Antwort

Themen zu Instant Savings im Browser (bei FB, ebay ...)
addons, applaus, browser, ccsetup, deinstalliere, deinstallieren, ebay, facebook, farbar, farbar recovery scan tool, fotogalerie, hallo zusammen, hilfe, hilfe!, instant, instant savings, launch, msiinstaller, nervt, programme, savings, spotify web helper, tagen, tauchen, torntv.com, visual studio, zusammen



Ähnliche Themen: Instant Savings im Browser (bei FB, ebay ...)


  1. Windows 7: ebay.de & ebay.com werden unerwünschte Werbung umgeleitet.
    Plagegeister aller Art und deren Bekämpfung - 29.08.2015 (13)
  2. Win 7 (64): Links im Browser unterstrichen; eDeals, SlamDunk Savings u.v.m.
    Plagegeister aller Art und deren Bekämpfung - 07.11.2014 (26)
  3. Win7: Instant Savings Virus
    Log-Analyse und Auswertung - 24.10.2013 (7)
  4. Instant Savings Werbung und hohe CPU Auslastung
    Plagegeister aller Art und deren Bekämpfung - 30.09.2013 (12)
  5. Instant Savings - überall Werbung
    Plagegeister aller Art und deren Bekämpfung - 01.09.2013 (5)
  6. Instant Savings in Firefox - Flashplayer Plugin
    Log-Analyse und Auswertung - 19.08.2013 (32)
  7. instant savings Trojaner/Virus
    Log-Analyse und Auswertung - 15.08.2013 (17)
  8. Instant Savings in allen Browsern
    Plagegeister aller Art und deren Bekämpfung - 06.08.2013 (17)
  9. Bitte um Hilfe beim entfernen von Instant Savings
    Plagegeister aller Art und deren Bekämpfung - 25.07.2013 (15)
  10. Browser stürzen ab, nur ebay.de klappt nicht
    Plagegeister aller Art und deren Bekämpfung - 23.07.2013 (1)
  11. Instant Savings auf den Internetseiten
    Plagegeister aller Art und deren Bekämpfung - 21.07.2013 (13)
  12. Instant Savings auf Facebook google und co
    Plagegeister aller Art und deren Bekämpfung - 15.07.2013 (13)
  13. Instant Savings auf Facebook, Ebay und CO.
    Plagegeister aller Art und deren Bekämpfung - 03.07.2013 (17)
  14. Click Compare, Instant Savings etc. Probleme bei Firefox
    Plagegeister aller Art und deren Bekämpfung - 19.06.2013 (5)
  15. Browser öffnet immer ebay, Neuer Tag immer Babylon
    Log-Analyse und Auswertung - 26.09.2012 (1)
  16. ebay wird von Geisterhand im Browser geöffnet. Link ruft sich alleine selbständig auf
    Plagegeister aller Art und deren Bekämpfung - 31.12.2009 (7)
  17. Ports der Instant Messager (IM)???
    Netzwerk und Hardware - 09.03.2005 (4)

Zum Thema Instant Savings im Browser (bei FB, ebay ...) - Hallo zusammen, seit ein paar Tagen nervt mich dieses "Instant Savings" auf Facebook, Ebay usw... Überall tauchen die Werbeflächen auf, sogar im Text. Wie kann ich diesen Mist wieder los - Instant Savings im Browser (bei FB, ebay ...)...
Archiv
Du betrachtest: Instant Savings im Browser (bei FB, ebay ...) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.